A pork belly trader, for example, could monitor weather trends, price fluctuations and inventories all at once.

Enterprise Mashups Get Caught in the Web 2.0



BY P. J. CONNOLLY 

Outside the computing world, a "mashup" is a combination of two or more outwardly dissimilar audio or video tracks; think of The Clash's "Rock the Casbah" mixed with Stevie Wonder's "Uptight" as a surprisingly good example of the genre. But in the developer's universe, a mashup combines Web services to create a more useful result: for example, mixing a Google search for movie theaters with a mapping tool to present data points, with driving directions to a theater and show times.

If this sounds a lot like the Semantic Web that Tim Berners-Lee postulated back in 1999, it should. Although the W3C might complain — in defense of its own Semantic Web project — it seems that mashup, programmable Web and semantic Web became interchangeable terms in 2006, as part of the ongoing "Web 2.0" hype.

"There are two different worlds talking about these things that are now colliding violently," explained ZapThink senior analyst and principal Jason Bloomberg. "On the one hand, you have the whole Web 2.0 thing, which is consumer-oriented, it's collaborative, it's Web-based. ... There are a few business models out there, but they're mostly graphical and they mostly take advantage of mapping capabilities. The other world is the world of SOA," he continued, where IT groups are "looking to build loosely coupled services that abstract various sorts of IT capabilities across the organization, with the purpose of composing these into a service-oriented business application [SOBA]. What's happening in the SOBA world is that we're shifting to a greater focus on the service consumer, which is now [a] piece of software."

Perhaps one of the best "live" resources is ProgrammableWeb (www.programmableweb.com), which founder John Musser started in August 2005 out of what his blog calls "frustration" with the lack of an overall view of the Web-as-platform APIs. In recent weeks, the site has listed
continued on page 28 ►



New Security Threats For Web 2.0 Detailed



BY JEFF FEINMAN 

Security watchdogs at SPI Dynamics are sounding an alert to software developers: Though Web 2.0 technologies can lead to the creation of more user-friendly applications, they also provide new input vectors and the potential for increased security vulnerabilities.

The company laid out seven areas where it believes threats to Web applications will occur. They are the sacrifices of quality caused during rapid application development, file format vulnerabilities, hacking along bridges between two collaborating sites, insecure embedded Web applications, increased vulnerabilities with the rise of Web 2.0 applications such as AJAX and SOAP, client-side vulnerabilities like phishing attacks and identity theft, and Web application worms.

SPI Dynamics said that the two main factors behind these security vulnerabilities are rich Internet applications and increased criminal activities.

Michael Sutton, security evangelist for SPI Dynamics, said that the majority of vulnerabilities exist because of unfiltered users. "From a developer's perspective, validating user input is an absolutely key thing," he said. "The vast majority of
continued on page 26 ►



BEA's SOA 360 Takes Shape With BPM Suite



BY ALEX HANDY 

BEA Systems' SOA 360 system is beginning to materialize. The company announced a new business process management suite for AquaLogic users at its conference in Beijing this past December. BEA also announced JRockit Mission Control 2.0, the next version of its Java Virtual Machine management system, which it claims adds new monitoring capabilities and offers faster performance for Java applications.

Jesper Joergensen, BEA's director of product marketing for the AquaLogic BPM Suite, said the company's push into the BPM space began when it acquired Fuego in March. That purchase brought BPM tooling into the AquaLogic platform. Joergensen said that the BPM Suite offers architects a place to watch their processes and behaviors in production environments.

"You model your own original process, and as you move from modeling to implementation, the suite allows you to run that mod-
continued on page 21 ►

JCP Goes Mobile With Services Spec

Java governing body also looks at data mining, resource consumption 



BY ALEX HANDY 

While the release of Java SE 6 drew more publicity, another important Java specification was finalized in December by the Java Community Process: JSR 248, the Mobile Services Architecture, which gathers up the necessary mobile phone-related JSRs into a single list.

"The existing J2ME JSRs and specifications target specific APIs and technologies," reads the description of the Mobile Services Architecture on the JCP site. "In addition, the relevant configuration and profile JSRs define an application environment that is not only scoped to mobile handsets. The net result is that many of the JSRs are more general than appropriate for mobile phones. This JSR provides guidelines to integrate J2ME JSRs in a uniform and predictable arrangement that is customized specifically for the high-volume handsets."

Included in the Mobile Services Architecture's required specifications are JSRs that define the handling of Bluetooth, vector graphics, internationalization and Session Initiation Protocol. That last protocol, the API defined in JSR 180, also received a good going over by the JCP in December. The protocols defined therein were clarified with additional descriptions for error messages and exceptions, and those changes were expected to be made final on Jan. 7.

Some new JSRs made it through their first public reviews in December as well. Data Mining 2.0 saw its initial public draft review in early December, and with the exception of IBM's complaints about possible licensing issues related to the JSR, the specification is now on its way to a final draft. This update to JSR 73, which laid out an API for exploring and scoring large volumes of data, will add multirecord real-time scoring, facilities for modeling periodic fluctuations in data, and a method for defining composite models structured with logic, according to the JCP's Web site.

With the Java platform expanding into new realms and taking on ever more complicated problems, JSR 284 seeks to simplify the process of monitoring and adapting to resource constraints within Java programs. This Resource Consumption Management API passed its public review in mid-December. The specification calls for methods to describe and monitor environmental resources within Java applications, capabilities that have typically resided within the operating system on which the application runs.

Headed by Grzegorz Czajkowski of Google, the API should offer developers a way to monitor application users and their consumption of memory, CPU and disk resources. This JSR also seeks a way to help minimize the risks associated with distributed denial-of-service attacks, something that many Java programs are currently vulnerable to.

Another JSR passing its public review in December was the Fault Management API. JSR 263 seeks to give network administrators a clearer path to fault notification within Java applications. This new specification is also designed to give users of JSR 90, the Quality of Service API, the ability to continue using their existing infrastructure, at least until the Performance Management API JSR is initiated. Once that appears, developers will have a clear upgrade path from the QoS API to these newer APIs without requiring a complete code rewrite.



Of Registries And ESBs

Oracle's Farrell talks about vision for middleware

BY ALEX HANDY

As businesses continue to drive Web services and the Web 2.0 boom, SD Times had the chance to speak with Ted Farrell, Oracle's chief architect and vice president of tools and middleware, about the future of Oracle's Fusion and the current state of middleware.

SD Times: How will SOA change in 2007?

Ted Farrell: In 2006 the biggest trend we saw was the filling in of the definition of middleware. A couple of years ago, they used middleware to mean a J2EE application server, but now we really filled out the technology with ESBs [enterprise service buses], integrated security, integrated encryption, BAM and monitoring. When you had middleware that was sparse pieces, [developers] ended up writing a lot of custom glue code that would hold it together.

[This past year], we've seen a lot of uptake of [newer] technology because they don't have to do the glue code and it's less scary for them. It's not one of those all-or-nothing things. If you look at the software revolutions that come along, they're telling you to rewrite everything you have. We have a lot of customers and users internally who just keep their legacy info the way it is, expose some services to that info, and build some new services and UIs on top of that. It's building momentum. So they have time to figure out how to handle that legacy code and break that up and update it. They have time to do that. People are realizing that "Hey, I can do this! This isn't something that's going to cripple my business for the next two years."

How do you have your developers build an application you deploy, and how can you adapt that deployed application without going back to the developers? A much-higher-level user coming from a browser-based interface can modify the application easily and in ways they could never do before.

Everyone has their own set of SOA pieces. How do those pieces stack up? Does everyone need registries, repositories, ESBs, etc.?

The ESB space is really interesting. There is no industry standard definition of what an ESB is. I think the ESB has an interesting role in all of this. It's the core way you talk to your services. This is the thing that makes sure the message gets to the right service at the right time reliably and securely. We have people looking for that solution and it gets us in the door, but I think BPEL [Business Process Execution Language] is a bigger driver.

I think there were a lot of panic moves in the industry this year around [registries/repositories]. Analysts started pushing a lot of governance requirements, and I think that caused a lot of people to want something in that space and tell people they had it. I think there's still some work to be done to figure out what's really needed.

And what's the difference between registry versus metadata repository? You get four people in a room talking about that, and you'll never get all four to agree.

As far as the promise of having a single registry that's always up to date and it's where you find all your services, most of our customers aren't there yet.



Are you seeing any patterns in 
SOA uptake? Where does it start 
in organizations? 

I was in a CIO summit with 100 
of our customers, and talking 
with them [I learned that] some 
of them are still exploring SOA, 
some of them have pilot projects 
going, and some have projects in 
production. 

I think there are a lot of benefits to SOA. I would argue that anyone in enterprise today should think about SOA; they can get benefits even from smaller installations.

I was talking to a bank where customers had to call up to add new people to their accounts. The bank wanted to automate that. They went after the Web services we exposed in Siebel 7.8 and went after BPEL with that. They had functionality that was improving their business and lowering costs because their people on the phone weren't getting pounded.

If you look at their code, 95 
percent was the legacy code, and 
the rest is new. You don't need to 
dive completely into the deep 
end to get the benefits from it. 
You should start a pilot program 
to get the experience, make the 
mistakes and learn what you 
need. The types of info you can 
capture from a declarative 
process are far better than from 
custom code you have to mine 
info out of. 

I think we have a couple of approaches, but it really depends on where the company is and where it comes from. I think having a pilot program to get your feet wet is important. It's always good if that project has something to do for your company, too. Eventually, it's key to get one or more application architects.

This is a fundamental difference of building SOA versus code-based projects. You need someone to understand how the
continued on page 18 ►

Two-Thirds of Developers Now Use Eclipse

BZ Research study finds developers are using Eclipse for Java, Web development 



BY ALAN ZEICHICK 

Two-thirds of enterprise software developers — 66.3 percent — use Eclipse. That's according to the most recent Eclipse Adoption Study, conducted by BZ Research in November 2006. The study has an accuracy of 2 percentage points.

Eclipse penetration has been 
increasing slowly but surely, 
since BZ Research (a division of 
BZ Media, publisher of SD 
Times) began studying Eclipse 
adoption. In the first Eclipse 
study, in September 2004, usage 
was 53.9 percent, and it jumped 
to 62.5 percent by the second 
study, in November 2005. 

Why do developers use Eclipse? The top reason, chosen by 64.7 percent of respondents, was that it's a low-cost solution. Next was that Eclipse is an open-source solution (61.5 percent), that there's a wide array of plug-ins available (60.4 percent), it's extensible (47.6 percent), it's easy to learn and use (40.3 percent), and it's cross-platform (37.4 percent). Those answers closely match the answers given to the same question in the 2005 study.

"We are using Eclipse because it is free, it has a lot of helpful plug-ins and a great community and foundation supporting it," said Aldo Nievas, CEO of Satio Software Solutions. "It's free, flexible and gives us great, powerful tools to do things like refactoring, monitor for flaws in code, and provide point-of-use API documentation and source browsing for our own libraries as well as the third-party libraries we use," added Jim Elliott, a senior software engineer with Berbee Information Networks.

If you use Eclipse (or Eclipse-based tools), why do you use it?

Because it is a low-cost solution: 64.7%
Because it is an open-source platform: 61.5%
Because there is a wide range of plug-ins available: 60.4%
Because it's extensible: 47.6%
Because it's easy to learn/use: 40.3%
Because it runs on cross-platform developer workstations: 37.4%
Because it targets multiple deployment platforms: 34.6%
Because we won't get locked in to a particular vendor: 34.2%
Because my development team prefers it: 32.4%
Because we like the license model: 31.5%
Because it's technologically superior: 31.1%
Because it is multi-language: 26.7%
Because we can write our own plug-ins: 25.8%
Because our preferred tools are based on it: 19.8%
Because it's an alternative to Microsoft: 19.4%
Because it is more stable: 16.1%
Because we can modify the platform: 16.1%
Because my IT/development management prefers it: 10.1%
Because we're following IBM's lead: 9.3%
Because I think it's a great career move: 8.6%
Because it generates better code: 8.4%
Because there are no other viable alternatives: 3.8%
I don't know why we use Eclipse: 2.0%
Because of an executive mandate: 1.8%

Source: BZ Research

But not everyone is a fan: "We have tested Eclipse. We found the core functionality did not meet our needs. Plug-ins are available, but at a significant cost when you find quality, suitable ones. Sun Java Studio Enterprise 8 supplied better, cleaner, out-of-the-box functionality and was more cost effective once Sun reduced the cost to 0," said Daniel Utz, a senior developer with High Sierra Sport.

"The organization is primarily a Microsoft Development house so we use .NET Framework-based development tools. Not currently looking at cross-platform development but if we do, we will be looking at Sun Solaris and best of breed tools for that platform," commented Darryl Jewett, president of Converging Solutions.

And what do developers use Eclipse for? Java, according to fully 81.5 percent of respondents. Web development was cited by 57.4 percent, and Web services by 42.2 percent. This is again similar to the 2005 study.

The most popular part of the Eclipse platform, other than the IDE, is the Java Development Tools (JDT) kit, followed by the J2EE Standard Tools (JST), Web Standard Tools (WST) and the Eclipse Modeling Framework (EMF). Another important part of the platform is its support for C/C++, but this part of Eclipse has lower usage.

"Many existing apps are written in C++ either using Microsoft or Borland C++Builder. [We are] migrating some of these to use QT and GNU tools and [are] now using Eclipse. This is going to take a long time and it is a long term objective over the next few years to eliminate our dependence on technologies which may have no future," noted Dave Hussey, director of NavSystems.

SLOW RCP ADOPTION

Over the past year, the Eclipse Foundation has placed a great deal of emphasis on promoting the Eclipse Rich Client Platform, which is a set of tooling that lets development teams use the Eclipse platform itself as part of the deliverable for a native application. However, adoption appears to be flat.

When asked about their company's interest/involvement in the Eclipse RCP, only 6.0 percent of respondents said that they have built and deployed rich clients using the RCP (compared with 4.8 percent in 2005). Another 4.2 percent said that they are building RCP applications but have not yet deployed them (compared with 5.3 percent in 2005).

When you add that up, usage of the Eclipse RCP increased from 10.1 percent to 10.2 percent — a statistically insignificant difference. (The number of respondents who say they are using the Eclipse RCP project code was reported as 18.3 percent in another question, reflecting different wording.)

"We build clients and plug-ins at the level just below RCP because most of what it provides is not flexible enough for us; e.g., SWT needs to be replaced in our apps," said John Mellor of Agfa HealthCare. "Eclipse RCP is very powerful, but it is not simple," added Marcelo Mayworm, a software engineer with Visage.

Which Eclipse "bits" are currently used by your organization?

Java Development Tools (JDT)
J2EE Standard Tools (JST): 48.8%
Web Standard Tools (WST): 32.5%
Eclipse Modeling Framework (EMF): 31.7%
Visual Editor (VE): 28.6%
Graphical Editor Framework (GEF): 27.0%
SQL Development Tools: 25.3%
C/C++ IDE (CDE): 23.9%
Graphical Modeling Framework (GMF): 20.0%
Plug-In Development Environment (PDE): 19.8%
JavaServer Faces Tools: 18.5%
Rich Client Platform (RCP): 18.3%
UML2 Project (UML2): 18.1%
Test & Performance Tools (TPTP): 17.7%
Data Tools Platform: 13.8%
PHP IDE: 9.7%
Business Intelligence & Reporting Tools (BIRT): 8.8%
AspectJ Development Tools (AJDT): 7.6%
Generative Model Transformer (GMT): 4.7%
Mobile Tools for Java: 4.3%
Equinox Framework: 4.3%
Native Application Builder: 3.9%
Connectivity (ODA Component): 3.7%
Embedded Rich Client Platform (eRCP): 3.5%
Device Software Development Platform: 3.3%
Model Driven Development Infrastructure (MDDI): 2.9%
COBOL IDE: 1.0%
Dali JPA Tools: 0.8%

Source: BZ Research

Overall, most of the comments respondents made about Eclipse were positive.

"I'm a fan of open source, but for my IDE, I want what's best, not what's cheapest. I was skeptical when we started using Eclipse, but I now feel that not only is it cheaper than the alternatives, but it is higher quality as well. I also love the flexibility that we have with Eclipse. I'll always have a place in my heart for IntelliJ IDEA, but I'll probably never purchase a newer version. Eclipse has just gotten too good to justify anything else. We need C#/mono/.NET development tools for Eclipse, then we could develop solely on GNU/Linux, and get rid of Visual Studio," said Adam Choate, CTO of Void Solutions.

Groovy: Alive, but Barely Kicking



BY ALEX HANDY 

Is Groovy still relevant now that the Java platform has embraced scripting languages? With the first release candidate of Groovy arriving last month, one might expect that the language is proceeding according to plan, but one of the language's original architects believes that Groovy's place in the Java world is strictly that of a trailblazer.

When developer James Strachan began working on Groovy back in 2004, he and his colleagues, Richard Monson-Haefel and Geir Magnusson Jr., were striving to prove that languages other than Java could live inside the Java platform. Monson-Haefel and Magnusson submitted the specification to the Java Community Process in March of that same year, and Groovy started life as JSR 241.

But as time passed, interest in the project waned. Strachan, who started out as the specification lead, left the project, and as 2006 bore down with no official updates in sight, the Groovy team sought a new leader.

That new leader was Guillaume Laforge, a French programmer, and while he's been an undeniably energetic guide for the project, the Groovy and Grails (Groovy on Rails) projects are still languishing in relative obscurity when compared with other scripting languages that have recently come to the JVM.

"Groovy is not just a pale copy of an existing language," said Laforge, who expected the final 1.0 version to be released at the end of December. "Groovy's been thought [of] and designed for integrating natively with Java applications. It shares the same programming model.... The learning curve is rather flat when you're a Java developer because of Groovy's Java-like syntax."

'HASN'T JELLED'

But despite the best intentions of Groovy's developers, Monson-Haefel has already thrown in the towel on the project. He compared Groovy to an idealistic politician, unable to execute on a lofty goal, but laying the groundwork for future successes.

"The fact is, the language just really hasn't jelled," said Monson-Haefel. "It's not surprising, if you look at programming languages. It takes years for them to be really developed. When we pushed this through the JSR, my objective as executive was to open the public's eyes to the fact that more than one language can be executed on the Java platform. I think that succeeded."

Monson-Haefel cited JRuby, Jython and the Mozilla project's Rhino JavaScript for Java as examples of how Groovy's attempt has influenced the evolution of the platform.

"We had hoped Groovy would be the first, but what happened is, all of a sudden the floodgates opened up," said Monson-Haefel. "People said this is a real possibility. What I think Groovy did [was], although it didn't succeed at all [as a language], it did succeed at saving the Java platform from dynamic languages. If you can't beat 'em, join 'em."

Nexaweb Updates Web Dev Platform, Studio



BY ALEX HANDY 

Would you like that page in Java or JavaScript? Nexaweb Platform 4.5 and Nexaweb Studio 3.0 were both released in late December, and the combination of these tools gives developers the ability to describe information in XML, then deploy a presentation layer for that data as either AJAX or Java-based Web pages. The new version of the Nexaweb Platform also offers increased support for Section 508 accessibility standards mandated by the U.S. government.

Nexaweb Studio is based on Eclipse, and includes the Web Tools Project, the Data Tools Platform and the AJAX Toolkit Framework. These Eclipse add-ons combine with Nexaweb's XML schema, the Extensible Application Language (XAL), which is the basis for building Nexaweb applications, said Rob Gagne, vice president of engineering at Nexaweb.

"You can focus your time on writing the business logic and on what your application needs to do rather than on writing tables that have sortable headers or creating animations and menus," said Gagne.

Gagne said that developers seeking to build JavaScript or Java data-based Web sites can do so in Nexaweb Studio using only XAL and no other languages. Primarily, this type of designing would encompass the identification of databases and their contents, said Gagne. Once that's complete, Nexaweb Studio offers developers the option of deploying the resulting presentation layer as either JavaScript or Java.

"Using the Data Tools Platform, you can drag and drop a table into your user interface," said Gagne. "That will pop up a wizard for getting the data from the database to the presentation layer." Each wizard offers a point-and-click path to finding and selecting the desired data, provided the database in question can be accessed via JDBC.

TRANSLATION, PLEASE

The Nexaweb Platform performs dynamic interpretation of XAL through translation code that is embedded into the targeted Web page. That code then switches XAL into Java or JavaScript. Gagne said that, because Nexaweb uses Eclipse, the platform can be used with any operating system or HTTP server, but it offers failover and clustering features when used with a Java application server.

Nexaweb Platform 4.5 also improves its ability to present information to disabled users, said Gagne. For presentation layers deployed in Java, the Nexaweb Platform can offer information in a manner that is friendly to screen readers and magnification programs, giving users a quick path to accessibility. For now, however, the platform does not offer this type of accessibility for pages deployed to JavaScript. Gagne said that Nexaweb is working to improve accessibility in its AJAX applications, though he could give no time frame for its completion.




Electric Cloud Takes Command of Production



BY JEFF FEINMAN 

Adding the final piece to its three-way 
software production management solu- 
tion, Mountain View, Calif.-based 
Electric Cloud has released Electric- 
Commander. 

The goal of ElectricCommander is to 
make build and test deployment tasks eas- 
ier to repeat and more efficient. With a 
multi-threaded Java server, the offering 
can handle projects of any size, as it does 
not need to call back to a management 
server for available resources, according 
to Electric Cloud CEO Michael Maciag. 
Instead, ElectricCommander has a "mid- 
dle" application server that will solve a 
problem to avoid database contention. 

ElectricCommander will also work to 
share and reuse project assets. Electric- 
Commander organizes assets in a 
unique information architecture that 
groups related items in virtual projects 
with metadata. The company also says 
that a postprocessor is used to extract 
information after each step. The post- 
processor makes it easy to clone a cer- 
tain procedure and switch out the oper- 
ating system, removing the need to 
rewrite a script for a procedure. 

Maciag said that there were three 



main problems within software produc- 
tion management that Electric Cloud's 
customers frequently pointed out. "We 
have been told that it's too slow, and it 
takes anywhere from a couple of hours 
to a day to do individual steps of this; 
specifically the build step [is] very time- 
consuming," he said. "Customers also 
feel that it's very opaque, and it's very 
hard to debug [problems] on the manu- 
facturing floor. It's also difficult to man- 
age. Typically, there's been no workflow 
or assembly line to take things through 
the steps of this." 

ElectricCommander will join Electric- 
Accelerator, which executes parallel 
builds across standard hardware to 
reduce build times; and Electriclnsight, 
which lays out build structures for build 
managers. 

With the complete software product 
management solution, Electric Cloud 
hopes to carry more weight in the ALM 
space. "Our footprint inside of ALM just 
got a lot wider than what it used to be," 
Maciag said. As the company has tradi- 
tionally focused on build and task accel- 
eration, Electric Cloud is now hoping to 
position itself within the design phase, 
according to Maciag.
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ElectricCommander has features that aim to make build and test deployment tasks easier to 
repeat (above). Project managers can monitor individual tasks on a specific project (below). 
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Stronger Architectural Support for OptimalJ 



BY JENNIFER DEJONG 

Compuware has added architectural support to its model-driven, Java development environment. The company unveiled OptimalJ 4.2 last month, introducing support for software factories — essentially groups of architectural components packaged together to create particular types of applications. "Cars are built by bringing various components and processes together," said Compuware product manager Mike Sawicki. "We want to achieve the same precision in building software."

New in 4.2 are wizards that guide application architects through the process of creating a software factory. "You could create a software factory that uses a Web interface and communicates with an entity bean to deal with persistence," he said, offering an example. "Another factory might use Hibernate instead," he added, referring to the open-source tool that lets developers map Java objects to relational databases.

Once software factories are created, they can be exported from the Architectural edition of OptimalJ, which is based on the Unified Modeling Language, to the Professional edition, where developers flesh out models, adding business logic and generating code to create the application, Sawicki said.

The term "software factories" is also used by Microsoft. But its modeling strategy is based on domain-specific languages instead of UML.

Also new in OptimalJ 4.2 is Eclipse support for the Architectural edition. Compuware delivered an Eclipse version of the Professional edition last year. "This completes the migration to Eclipse," Sawicki said.

ACCESS TO MICROSOFT VISUAL STUDIO 2005 TEAM FOUNDATION SERVER FROM WITHIN THE ECLIPSE IDE, AND FROM MACINTOSH AND UNIX SYSTEMS

Fully integrated with Team Foundation Server

Teamprise allows developers to access the source control and work item tracking features of Team Foundation Server.

Built on Java

All of the Teamprise client applications are written entirely in Java.

Cross-platform

Teamprise applications are fully supported on Linux (and other UNIX variants) and Mac OS X, as well as

Command-line client

The command-line client in Teamprise is perfect for scripting and non-GUI scenarios.

Plug-in for Eclipse

The Teamprise plug-in for Eclipse allows a developer to perform source control and work item tracking operations from within the Eclipse IDE. This plug-in is also compatible with IBM's WebSphere Studio and Rational Application Developer IDE.

Explorer client

Teamprise includes a stand-alone client application which features an Explorer-style user interface for developers not working within an IDE.

Introducing Teamprise Client Suite 2.0

Enable your entire software development team to use the source control and work item tracking features of Team Foundation Server from other platforms, including Linux and Mac OS X, and from within the Eclipse IDE. No additional server setup required. Contact us directly at (217) 356-8515 or visit www.teamprise.com to download the latest release.

Copyright 2006 Teamprise. All Rights Reserved. Teamprise is a trademark of Teamprise LLC. Visual Studio 2005 Team System is a trademark of Microsoft Corporation. Other company, product or service names may be trademarks or service marks of others.

Adobe Announces 
Update to RoboHelp 

BY DAVID RUBINSTEIN 

Adobe on Jan. 16 is releasing 
RoboHelp 6, its first update of 
the help authoring tool in three 
years, that consolidates what had 
been five different RoboHelp 
products into two — a desktop 
version and a server version. 

The desktop RoboHelp 6, 
which costs US$499 for an 
upgrade or $999 new, includes 
editors, import utilities, wizards, 
templates and RoboSource Con- 
trol 3 for entry-level to advanced 
help authoring, according to R.J. 
Jacquez, senior product evange- 
list who was with eHelp, the 
creator of the tool, since before 
that company was acquired by 
Macromedia in 2003. 

The server edition (US$999 
for an upgrade or $1,999 new) 
enables updating of help content, 
natural language search, tracking 
help system usage and database 
connectivity, Jacquez said. 

Key new features include integration with Adobe's Captivate simulation tool, new Acrobat Elements for high-quality PDFs with hyperlinks and bookmarks, and FlashHelp Pro, a server version of the FlashHelp tool. Also new are global user-defined variables that allow users to change placeholders all at once — such as when a product's name isn't locked down until the last minute.

Windows Vista support will 
be added this year.
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"A revolutionary new 
SQL editor.. .amazing 
new functionality" 
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SQL Farm Combine™ 

Deploy DB projects, scripts, and queries on all databases and servers by a click of a button 



Development 

Collaborate and compose database projects

Support for a wide range of source control systems 
Advanced scripting, automated snippets/templates, intellisense 

Change Management & Agile Deployment 

One-click project deployment on all databases and servers 

Run queries and scripts on many databases & servers in parallel (see screenshot)

Easily pass & deploy projects between Dev <-> QA <-> Production



Develop or auto-generate 
DB project code 
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Telelogic Follows New Business Model for UML Tool 



BY JENNIFER DEJONG 

Known for its high-end UML 
offerings, Telelogic is taking a 
different tack, giving away an 
entry-level modeling tool. 

The company was expected to announce in early January ModelerT, a Unified Modeling Language design environment based on the company's Tau and Rhapsody tools, for enterprise development and embedded systems, respectively.

ModelerT lets architects map out an application using UML diagrams, generating documentation from the model, said Telelogic director of product marketing Scott McKorkle. "All of the diagrams in Tau and Rhapsody are supported in Modeler," he said. But unlike the full-featured offerings, Modeler does not generate code. Nor does it allow designers to simulate models, execute them or develop tests based on them, he said.

Users who download Model- 
erT from Telelogic's Web site 
can use it on a stand-alone basis, 
free of charge. Models created 
in the free tool can be migrated 
to Tau and Rhapsody, if the user 
chooses to license the compa- 
ny's full-featured offerings. 

Telelogic is betting that the 
free tool will spur UML adop- 
tion. Large aerospace, telecom- 
munications and automotive 
companies are using Tau and 
Rhapsody, said McKorkle. "But 
we don't see the rest of the world 
moving to UML in general."

eCube Plans 
CORBA, DCE 
Evolution Tools 

BY DAVID RUBINSTEIN 

eCube Systems, which makes 
software that enables legacy sys- 
tems to participate in modern 
platforms, will soon release inte- 
gration tools for CORBA and 
DCE stacks that sit beneath its 
NXTware server and middle- 
ware platform. 

"We've made a career of pick- 
ing up abandoned technologies 
and leveraging them," said Peter 
Marquez, eCube's vice president 
of marketing, referring to such 
stalled projects as CORBA, 
RPC, DCE, COOL:Gen and 
Entera. "Where companies have 
lost skill sets, the costs to main- 
tain [these systems] are quite 
high. The technology gets old 
before the gaps are filled in." 

The tools will be Eclipse- 
based and will provide wizards to 
help users unfamiliar with the 
legacy systems to step through 
the processes quickly, Marquez 
noted. 

The DCE replacement solu- 
tion is geared toward financial 
institutions that haven't been 
able to move off the system, said 
Kevin Barnes, eCube's president 
and CEO. "IBM announced in 
2001 that it would stop support 
for DCE, but it hasn't been able 
to," he said. "We're investigating 
with IBM" a solution that would 
enhance systems already in 
place, he added. DCE is built 
around a broker-based architec- 
ture and is known to be heavy on 
security, Barnes added.
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Subversion Gains Momentum 



CollabNet's system could replace CVS in market, says analyst 



BY JEFF FEINMAN 

Last year saw a fairly big rise in 
the use of Subversion, as a 
number of organizations 
switched from the more famil- 
iar CVS to the open-source ver- 
sion control system created by 
CollabNet. CollabNet claims 
that by last November there 
were roughly 63,145 servers 
running Subversion. 

According to Thomas Mur- 
phy, a research analyst at Gart- 
ner, Subversion has become 
the standard platform for 
open-source projects. Even 
though not many organizations 
have fully dumped the version 
control systems they already 
had to adopt Subversion at this 
point, Murphy said, it has 
matured into a product that 
can potentially replace CVS in 
the market. 

'ANOINTED SUCCESSOR' 

"I guess you could say it's the 
anointed successor to CVS," 
said Murphy. "It does a lot of 
things better than what CVS 
will do. Functionally, it's a 
much richer product overall." 
Murphy said that Gartner has 
not published any numerical 
counts regarding Subversion, 
though it may begin to count 
those statistics this year. 

"We really see a pickup of 
Subversion in the enterprise," 
Isabelle Dumont, senior direc- 
tor of product marketing 
for CollabNet, told SD Times. 
"What Subversion brings 
into the equation is the ability 
to roll out those tools into 
a distributed environment." 
Dumont said that the number 
of inquiries to CollabNet for 
Subversion over the past six 
months has tripled. 

Project managers and 
heads of development teams 
have been rolling out Subver- 
sion for more users, and many 
have made use of CollabNet's 
training program and other 
resources. Dumont also said 
that vendors such as Philips 
Medical Systems have inte- 
grated with Subversion be- 
cause of its collaborative 
development platform, and so 
has Eclipse. "Developers [on 
the Eclipse project] can share 
code and can discuss with 
[other developers] all the code 
being stored and secured in 
Subversion," she said. 

Philips, a Dutch company that creates systems for imaging, radiation oncology, patient monitoring and other forms of health care, adopted Subversion in order to make versions of code developed for its imaging systems. According to CollabNet, Subversion has become part of Philips' standard development infrastructure.

United Airlines has also worked with CollabNet to migrate many of its Java-based projects to Subversion.

Helping to lead the way down the growing path to Subversion, CollabNet's Subversion Web site, open.collab.net, serves as an online community that provides customers with knowledge of Subversion. There is also space to ask questions of other users of the product and discussion forums to share tips.
AutomatedQA Makes
Testing More Complete



BY ALEX HANDY 

AutomatedQA expects that its 
new version of TestComplete 
will bring the company's soft- 
ware closer than ever to realiz- 
ing its namesake. TestComplete 
5 can build and execute tests for 
.NET and Web applications, 
and the new version adds sup- 
port for Windows Vista. The 
TestComplete package is avail- 
able in two flavors: as a stand- 
alone test execution tool or as a 
more expensive test creation 
package. 

Drew Wells, vice president of product development, said his company's flagship tool has been refined to please both newcomers and old users. That meant adding in support for coming life-cycle tools and IDEs, such as those from Borland, Infragistics and Microsoft, said Wells. It also meant supporting both Firefox 2.0 and Internet Explorer 7.0 for testing Web applications.

Another addition to Test- 
Complete is a visual form 
builder, which gives testers 
more control over the running 
of their tests. 

"You can add forms for set- 
ting up test scenarios before 
launching tests," said Wells. 
"You'd want your test to launch 
and not just go straight into the 
test, but rather launch it and say 
which virtual machines you 
want to run, or which of these 
workstations do you want to run 
these tests on." 

Wells said that the forms system is linked into the remote test execution capabilities of TestComplete 5. While the standard TestComplete 5 package costs US$1,000 per user, the company also offers a smaller command-line tool that can remotely configure and execute tests. This smaller tool costs only $89, and gives development shops the option of purchasing a tool for the testers in the organization that do little more beyond running and evaluating the effectiveness of tests.

Wells said that the visual 
forms that can be added to each 
test can also accept input from 
tests, giving test designers a way 
to get feedback from test 
executors. Also, tests can be run 
remotely, allowing servers to 
bear the workload, rather than 
slower workstations. 

TestComplete can use test scripts written in C#, Delphi Script, VBScript, JavaScript and C++.



Perforce Fights SCM Tampering 



BY JEFF FEINMAN 

The new version of Perforce 
Software's eponymous software 
configuration system, num- 
bered 2006.2, has features to 
stop users from submitting files 
that were changed outside of 
the system's control. One new 
feature, called Tamper Check- 
ing, is designed to improve the 
integrity of the source database. 

Another new feature of the 
2006.2 release, which shipped 
at the end of December, is bet- 
ter branching performance, as 
commit time of large branch 
operations has been improved 
by reducing the number of 
database and journal file 
updates. In Perforce 2006.2, 
multiple commands can be 
buffered and written at once. In 
addition, the offering gives 
administrators more control to 
help ensure concurrency during 
peak loads to avoid swamping 
the server. Also, a file size calcu- 
lation function will let users see 
in advance how much space a 
collection of files will occupy on 
a local disk. 

Separately, in early January Perforce released the Defect Tracking Gateway, which enables integration of the SCM software with external defect tracking systems. The integrations are handled through plug-ins, which can be written by Perforce, by the third-party issue-tracking software maker, or even by enterprises using their own homegrown issue-tracking systems. The Defect Tracking Gateway includes a plug-in for Mercury Quality Center 9.0, which according to Nigel Chanter, chief operating officer of Perforce, was the single most requested integration. Additional plug-ins are planned, he said.

The Defect Tracking Gateway, which is a free add-on to Perforce 2006.2, includes a graphical configuration editor that can be used to map data fields in the Perforce SCM system with the appropriate fields in the customer's defect tracking system.

Perforce's Defect Tracking Gateway enables integration with external defect tracking systems.



NEWS BRIEFS

COMPANIES

San Francisco-based consulting company IT Influential has launched a Web search site — FindITAnswers.com — created to help software developers and others locate technical papers, white papers and other sources of information quickly. "We've analyzed the information architecture of hundreds of developer and IT Web sites, and the link structure that connects them. We've worked the insights gained from this work into our search site," said Peter Westerman, president of IT Influential, which accepts limited advertising but maintains that its primary focus is its consulting and advisory services to software companies.



NEW PRODUCTS



Legacy modernization software provider Seagull Software has added 
LegaSuite IMS Gateway to its platform. IMS Gateway lets users cre- 
ate integrations directly to IMS transactions without requiring IBM's 
IMS Connect software, according to Seagull. LegaSuite already sup- 
ported 3270 screen-based integration and direct IMS integration using 
IMS Connect. With IMS Gateway, IMS transactions can expose Web ser- 
vices, .NET assemblies and other interfaces with no changes to the 
code. An Eclipse-based workbench was added so existing development 
teams can create the integrations without having to learn many details 
. . . TIBCO Software in December released a SOA solution suite called 
ActiveMatrix. The suite consists of three ActiveMatrix products: a 
registry, the service grid and a policy manager. The suite costs 
US$40,000 per CPU, and offers service visualization, governance and 
runtime policy management, and interoperability with Amberpoint 
governance products . . . Sun Microsystems has released version 1.0 
of its next-generation windowing system for graphical user interfaces. 
Looking Glass 1.0 is a free add-on for Linux, Mac OS and Windows. 
Looking Glass is written entirely in Java and serves primarily as a 3D 
demonstration of possible future interface paradigms. The binary 
release of Looking Glass 1.0 can be downloaded at lg3d-core.dev.java.net.



UPDATES



Recursion Software has released Cinergi 2.1, a multilanguage applica- 
tion integration platform that adds security and performance 
enhancements. Cinergi 2.1's new bidirectional communication for C++, 
Java and .NET clients and servers allows the same port for client/serv- 
er communication to be used, strengthening security. Cinergi 2.1 offers 
64-bit support for IBM AIX 5.3 and Red Hat Linux platforms. Cinergi 
2.1 also has a fail-safe feature that protects against server failure once 
the runtime application starts ... An updated tool based on the Mod- 
ula-3 programming language has been released by German company 
elego Software Solutions. Critical Mass Modula-3 5.4.0 features an 
updated code generator based on gcc 3.4.5, the use of incremental
garbage collection by default, support for system-level threading and
an updated m3gdb debugger. The free, open-source tool supports such
platforms as FreeBSD4, Linux libc6, NetBSD2_i386 and SOLgnu
. . . Resolution Software in late December released Xcase Database 
Design 8.1, the latest version of its database modeling tool, with the 
ability to disable gradients when printing to a printer or PDF, among 
other enhancements. 



STANDARDS






The Liberty Alliance identity con- 
sortium will host "Liberty 2.0," a free 
public event to be held on Jan. 22 at 
the Sofitel Hotel in Redwood Shores, 
Calif. Liberty 2.0 will bring together experts in federation, user-centric 
identity, Web services, SOAs, social networking, open-source identity, 
OpenID and Web 2.0 applications to examine where current identity 
management solutions cross paths. Also on the agenda is a discussion 
of the consumer and business benefits of industrywide convergence of 
digital identity management initiatives.
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Sixth Java Use and Awareness Study 

(with comparisons to the previous studies) 
December 2006 Study #7672 
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Third Eclipse Adoption Study 

(with comparisons to the previous studies) 
November 2006 Study #2352 



Third SCM, Defect Tracking 
and Build Management Study 

(with comparisons to the previous studies) 
September 2006 Study #4806 



Fifth Microsoft .NET Adoption Study 

(with comparisons to the previous studies) 
August 2006 Study #3556 



Third Database, Data Access, Integration 
and Reporting Study 

(with comparisons to the previous studies) 
July 2006 Study #6604 



First AJAX Use and Buying Plans Study 

July 2006 Study #6100 
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Lattix Extends Architecture 
Analysis Software's Abilities 



BY JEFF FEINMAN 

The new version of Lattix DSM — which 
can analyze complex software systems to 
determine interdependencies — focuses 
on handling more complex applications 
and a wider array of languages. 

Lattix LDM 3.0 — from a company 
also called Lattix — expands its capabili- 
ties by allowing the applications, data- 
bases and configuration files to be in dif- 
ferent domains. In addition to Java, it 
supports .NET applications. 

"3.0 is our first real general solution," 
said Frank Waldman, founder and vice 
president of sales and business develop- 
ment for Lattix. "We've taken what we 
developed for software languages creat- 
ed for applications built in Java and 
expanded it to applications, databases 
and systems." 

Waldman said that many of Lattix's larger Java customers told the company that they needed to see how an application is dependent on a database. Though previous releases of LDM gave customers the ability to visualize the architecture of an application, some asked Lattix to extend this approach into the database, which is also a new function in Lattix LDM 3.0. Lattix said that the new release can scale to analyze the relationships that can exist between database elements, such as schemas, tables and stored procedures.

Another feature of Lattix LDM 3.0 is 
a new Lattix Data Import (LDI), which is 
an XML specification that allows users to 
load dependency information from dif- 
ferent languages and tools. With the LDI, 
customers can see other types of depen- 
dency information in large systems, and 
through Lattix LDM 3.0 plug-ins, can 
extract such information and incorporate 
it into their own blueprints.




A Lattix LDM 3.0 matrix is shown, with system dependencies represented by numbers on the grid. 

Oracle's Vision for Middleware



< continued from page 3 

project is going to come together, how you're going to do your services, how you're going to do patching and changes. That's different from a coding architect kind of guy. We had an analyst conference at Oracle OpenWorld, and all 10 of our customers said the same thing: A good application-level architect is key to being able to roll out an SOA solution.

Where does one find SOA architects, anyway?

I don't know if the universities have caught up. I think there are skill sets for people who have been doing this. You could get there from a business analyst turned IT professional, or from IT developers who have moved up the chain. They are comfortable with looking at the bigger picture of things. I've seen a lot of cases where they didn't have one, and they did the codebase style of project management, with a bunch of architects reading the requirements. For a pilot project or two this is fine, but once it starts to roll out, you need someone to figure out where these services are and how you govern and find them.

That's what people were trying to solve 
with registry acquisitions, but some of the 
ones I've seen haven't addressed that at 
all. We work with customers and figure 
out how those fit in. When SOA came out, 
there were holes across our architecture. 
We've come back and incorporated those 
things into our core middleware.
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ActiveState Activates Komodo 4.0 



BY ALEX HANDY 

Who knew Mozilla could be an IDE? Komodo 4.0, an integrated development environment from ActiveState, will be ready for prime time before the end of this month. The Mozilla-based software will bring new client-side capabilities to what has traditionally been a server-focused development environment, and also adds new debugging capabilities for JavaScript coders.

The Komodo IDE was last updated late in 2005. Since then, according to the company, the IDE's user base has asked for a laundry list of new features. Chief among these was a new path toward testable PHP applications. Eric Promislow, a senior developer of Komodo, said that prior to version 4.0, PHP code was difficult to test and manage.

"PHP has a complicated .ini file, so we've worked on making that easier to deal with," he said.

Ruby on Rails was also a key target for the updated Komodo IDE. "One of the major problems we solved is that a lot of developers use template files that contain HTML markup and embedded code. We built a subsystem that lets people define the languages. We're shipping with eight different formats," said Promislow, adding that those eight formats include Ruby mixed with HTML and Python mixed with HTML, also known as Django.

"Komodo is aware of which 
part of the file [developers are] 
editing. You get code comple- 
tion, you get tag completion, 
and you get the auto indenting. 
Up to this point, most develop- 
ers have preferred to use some- 
thing like Vim, because these 
editors don't do anything," said 
Promislow. He added that the 
Komodo team did its best to 
keep features from getting in 
developers' way, thus hoping to 
lure programmers away from 
command-line editors. 

DYNAMIC WEB 

That philosophy extends to the IDE's new AJAX and DOM tooling. Komodo 4.0 adds a DOM inspector and AJAX debugging tools that can be used with active server connections. Promislow said that Komodo can jump in between a server and its client, and inject code dynamically before it arrives at its destination. This helps developers who are testing or experimenting with layouts, he said.

"You can be in the middle of 
debugging JavaScript, and you 
can drop to the interactive shell 
and drop AJAX code in there 
dynamically," said Promislow. 
"You can change an image or 
add a paragraph interactively, 
rather than making a change in 
the editor." 

For future releases, extensi- 
bility will play a key role, said 
Matt Herndon, product manager
for Komodo. He said that 
because Komodo is based on 
Mozilla, and is very similar to 
Firefox in architecture, the 
IDE can be extended in the 
same manner as the browser. 
With version 4.0, ActiveState 
has exposed this extensibility to 
third-party developers for the 
first time. 

The US$295 Komodo 4.0 will 
run under Linux, Mac OS X and 
Windows. While previous ver- 
sions of the IDE have run under 
Solaris, Komodo 4.0 will not be 
brought to that operating sys- 
tem, said Herndon, due to lack 
of interest from customers.
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BEA's SOA 360 Gets New BPM Suite 



< continued from page 1 

el — to make it executable," said 
Joergensen. 

As an example, Joergensen described a Web application whereby customers can submit problems online. When the problems are received, the BPM Suite's included tooling can be rigged to automatically poll the company's internal knowledge base, then bring related information into a dynamically created Web page, complete with wiki-style document creation tools. Related workers would receive e-mail messages informing them of the new work space and the related customer issues, said Joergensen.

The AquaLogic BPM Suite, said Joergensen, is built around BEA's AquaLogic Portal software. He declined to provide pricing information.

MISSION CONTROL TO BEIJING 

Meanwhile, a new version of 
BEA's JRockit Mission Control 
arrived in Beijing, and the com- 
pany claims that it gives better 
visibility to developers monitor- 
ing their applications as they run. 
The company also touted bench- 
marks that showed marked 
improvements in the speed of 
applications running under the 
JRockit Java Virtual Machine. 

A preview of BEA's WebLogic 10 application server was also on display in Beijing, as was version 10 of BEA's WebLogic Workshop integrated development environment. The former of these adds support for Java EE 5 and EJB 3.0, while the latter is based around Eclipse 3.2 and Web Tools Platform 1.5. Both products are targeted for release in the first quarter of 2007.

Ron Schmelzer, ZapThink senior analyst, said BEA's move to the SOA 360 vision has, so far, been going smoothly. "They're crafting a vision for this collection of different capabilities in the SOA platform of which the ESB is just one," said Schmelzer. "That's a nice balance against their competitors who seem to say the ESB is everything."

Schmelzer went on to say that, while he finds the SOA 360 strategy to be powerful and well designed, he hasn't yet seen much movement toward BEA by customers as a result of the SOA 360 announcement. He added, however, that BEA has garnered renewed interest in its platforms by touting its services and consulting capabilities, rather than simply its software.
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"This is absolutely the 
best conference I have 
attended. 

The instructors were ex- 
tremely knowledgeable 
and helped me look at 
testing 
in a new way." 



-Ann Schwerin 
QA Analyst, 
Sunrise Senior 
Living 
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• OPTIMIZE Your Web Testing Strategies 

• LEARN How to Apply Proven Software Test Methodologies 

• NETWORK With Other Test/QA & Development Professionals 

• ACHIEVE a Better Return on Investment From Your Test Teams 

• GET the Highest Performance From Your Deployed Applications 

The Software Test & Performance Conference provides technical education for 
test/QA managers, software developers, software development managers and se- 
nior testers. 

Don't miss your opportunity to take your skills to the next level. Take a look at 
what your colleagues had to say about the last two sold-out conferences: 




"I learned things I didn't know existed! I met 
people from all ranges of QA, all of whom were 
brimming with information they were willing 
to share. 25-50% of the things I learned were in 
between classes." 

— Rene Howard, Quality Assurance Analyst 
IA System 



"This was the most practical conference I have 
been to in 18 years." 

— Mary Schafrik, Fifth Third Bank 
B2B Manager/QA & Defect Mgmt. 

"The Conference was quite useful. If you get 
one impact idea from a conference, it pays for 
itself. I got several at the ST&P Conference." 

— Patrick Higgins, Sr. Software Test Engineer 
SSAI 



"This conference is great for developers, their 

managers, as well as business-side people." 

— Steve Margenau, Systems Analyst 
Great Lakes Educational Loan Services 



"This conference is a wonderful tool to gain in- 
sights into the QA world. A must-attend con- 
ference!" 

— Ginamarie Gaughan, Software Consultant 
Distinctive Solutions 



"Excellent conference — provided a wide range 
of topics for a variety of experience levels. It 
provided tools and techniques that I could ap- 
ply when I got back, as well as many addition- 
al sources of information." 

— Carol Rusch, Systems Analyst 
Associated Bank 
Novell Executive Outlines Microsoft Deal

Customer demand for better interoperability between Linux and Windows motivates both companies

BY P. J. CONNOLLY 

The controversial joint marketing and patent exchange arrangement between Microsoft and Novell continued to make waves at the end of the year. The open-source community remains split on the ethics and merits of the deal, a recent casualty of which was Samba project leader Jeremy Allison, who resigned from Novell on Dec. 21 in protest of the deal. But if early reports from key customers are anything to go on, the people who actually write the checks for software and services seem to be pleased with the spirit of detente coming from the two companies.

Shortly before the holidays, SD Times spoke with Susan Heystee, Novell's vice president for global strategic alliances, to learn more about how the arrangement was faring in its early days. Excerpts from the conversation follow:

SD Times: What exactly is your role in this arrangement?

Susan Heystee: I'm responsible for our global strategic partnerships — that includes responsibility overall for our relationship with Microsoft. Jeff Jaffe, our CTO, is taking the lead in terms of the engineering and development and all of the technical collaboration initiatives.

From an overall relationship perspective, I'm really responsible for the customers, the overall market and some of the initiatives we have under way, in terms of working with customers and partners, on what this means in terms of their business, what this means in terms of the partnership. I'm the focal point in terms of the relationship and coordination between Microsoft and Novell, from our side.

What are the benefits of the arrangement?

The benefits are really around the interoperability... I was in Japan last week [mid-December] and had this feedback loud and clear from the customers and partners there: There are major deployments of Windows as well as Linux, and our joint customers are looking for interoperability between those platforms as well as looking at how they can leverage virtualization technology, especially in that midtier x86 environment on a go-forward basis. This directly addresses those needs, and we're focused on three main areas of solutions around interoperability.

The first is the bilateral virtualization between Windows and SUSE Linux, where essentially, SUSE Linux can run virtualized as a guest on Windows, and Windows can run virtualized as a guest on SUSE Linux. The second area is in relation to the federation and interoperability between [Microsoft] Active Directory and [Novell] eDirectory, and really advancing our federation technology to make that even easier to achieve across an environment. The third area is technical collaboration in development around increasing the ease of interoperability between OpenOffice and Microsoft Office for the end user. [These] all fit within the umbrella of what customers have been describing to us as "interoperability."

How does the joint marketing arrangement work?

From a marketing perspective, we have a dedicated team with Novell, as well as a [corresponding] team within Microsoft, that's focused around this partnership, and we've been actively engaging with customers across five major markets: The U.S., Germany, the U.K., France and Japan, which we launched [in mid-December].

Our focus there is really threefold. We're working around the awareness of the partnership. The second area is around the identification of and working on a number of enterprise customers. There's over a hundred customers in the U.S. that we're in active discussion with [and] are interested in learning more and looking at how these technologies will really help them in their environment. The third area is looking at a number of enterprise customers that would like to be part of an early adopter program for the new combined offering, as we come to market in 2007.
Web 2.0 Threats Detailed

(continued from page 1)

attacks that we see occur because user input is invalidated — it's just taken in a raw format and used in the application. It's hard to validate user input, but it is absolutely essential because that is where the vast majority of attack vectors come from."

Sutton said that the best way to defend against the vulnerabilities that SPI Dynamics points out is for developers to think about security in the overall software cycle. He said that common attacks such as SQL injections can be fixed very easily while programmers are writing the code, but the problem is that most programmers aren't trained in security.

"Security is now everybody's problem: It's the developer's problem, it's the QA team's problem, it's the manager's problem," Sutton said. "Security needs to be baked in through the entire software development life cycle and not brushed on at the end. The security team should be part of primary discussions. We need to train and involve people at all levels."



Something about the number 7 seems to attract nasty things. Whether it's the seven deadly sins or George Carlin's list of "Seven Words You Can Never Say on Television," poor old number 7 isn't always lucky. SPI Dynamics has decided to jump on the "7" train with its release of seven predictions for Top Web Application Security Threats in 2007:

• RAD Becomes BAD: While increased quality is a goal of rapid application development, it is often sacrificed to meet deadlines. This can lead to additional security vulnerabilities and attack vectors if organizations do not implement security throughout the application development life cycle.

• File Format Vulnerabilities: Yet Another Avenue for Phishing Attacks: Single malicious files can exploit multiple applications leveraging the same faulty libraries. File formats are a key vector for phishing attacks, and there are many popular targets for these types of attacks, such as graphical programs and spreadsheet applications.

• Hacking Along Bridges: Why Wouldn't Hackers Take the Easiest Route? This trend involves a link or "bridge" between two sites where one is able to send search requests to a larger site, such as Amazon.com or Maps.com. By hacking along bridges, attackers essentially piggyback on the trust between the two sites and are able to attack the desired site quickly.

• Insecure Embedded Web Applications: Don't Forget Those Printers! Hardware (including printers and routers) runs Web servers, which make the devices targets for attacks on other systems. For example, a vulnerable switch could be configured to re-route traffic to the attacker. Without patches and updates, these hardware-based Web servers will remain vulnerable.

• Web 2.0: A Hacker's Dream: While Web 2.0 promises to make Web applications such as AJAX, SOAP and RSS easier to use, it is important not to ignore security while increasing the complexity of Web applications.

• Client-Side Attacks Come of Age: Phishing attacks and identity theft have exploded in recent years, driven by SQL injections and cross-site scripting. Client-side vulnerabilities have become the facilitators that make these attacks possible.

• Web Application Worms: Web-based worms have proven to be a highly successful means of conducting blanket phishing attacks against millions of unsuspecting users. The vulnerabilities arise due to relaxed rules on client-provided script, an increasingly popular trend as it allows users to produce dynamic personalized content.

Source: SPI Dynamics



OBJECTWEB CONSORTIUM IS NOW OW2

BY ALEX HANDY

ObjectWeb is no more. The open-source middleware development community dissolved on Dec. 31 as per its consortium agreement, and reformed as OW2 on New Year's Day after joining forces with Orientware, another consortium working on open-source middleware.

Effectively ObjectWeb 2.0, the new consortium will refocus its efforts, with a legal task force created specifically to revise its current policies and procedures. ObjectWeb was created in late 1999 with France Telecom, the French National Institute for Research in Computer Science and Control, and French IT services provider Bull, with the goal of developing adaptable components for open-source distributed middleware. The components range from specific software frameworks and protocols to integrated platforms, according to the consortium's Web site.

With Orientware on board, OW2 will build out a common platform. So far, ObjectWeb has succeeded in starting development of the eXo Platform, which is an enterprise-targeted Web-based operating system, and JOTM, the Java Open Transaction Manager.
A Market for Managed Mashups Emerges

MICROSOFT CREATES SANDBOX FOR TELCO MASHUPS

BY P. J. CONNOLLY

Microsoft is getting into the mashup business, in a manner of speaking, with its Connected Services Sandbox. Launched in Hong Kong last month, the program aims to assist developers, ISVs, network equipment providers, systems integrators and telecommunications companies with developing and testing new communications services, eventually bringing them to market.

These so-called "managed network mashups" combine traditional telecommunications offerings, such as caller ID, SMS and voicemail, with Web services to create services that are portable to a wide variety of devices and networks. In a prepared statement, Microsoft's general manager for the communications sector, Michael O'Hara, referred to these services as "the foundation of Telco 2.0."

Michel Burger, CTO of Microsoft's communications sector unit, explained that telcos are already trying to do this on a one-off basis, but "what they want to do is to provide an environment [that allows developers to] take call control from British Telecom, location from British Telecom, Exchange or mail services from Microsoft, mapping service from Microsoft and create a new mapping service," for example.

"Basically," he continued, "where today it would take a specific [consulting] engagement, we said, 'Wouldn't it be interesting to have an environment where developers could do this in a much more ... ad hoc form, in order to fuel the innovation?' "

ZapThink senior analyst and principal Jason Bloomberg explained that this effort was a natural extension of Microsoft's work in the telecommunications space: "It's the idea of bringing composite applications to the telco industry, and leveraging .NET.... They want you to use Microsoft everywhere you can." He observed that "telcos are particularly interested in convergence stories" involving long-deployed technologies such as landline and SMS, as well as newer ones such as Web services. "The sweet spot ... for telcos is mashups that leverage these different channels."

From its beginning, the Connected Services Sandbox will offer a variety of Microsoft products and services to mashup developers, including the Connected Services and Customer Care frameworks, as well as the company's hosted messaging and hosted Windows services. The Sandbox Web site (www.networkmashups.com) already offers a number of example mashups and more information on the program.

But Bloomberg argued that the managed aspect of these services can be limiting. "What isn't as mashup-like about this is ... the user can't change his capabilities. I can't recompose it; I can't take out this Microsoft map, and drop in Google Maps instead. User empowerment is a key part of the definition of a mashup, but the world isn't necessarily ready for that in the enterprise, at least until the tools mature further."

As an incentive to developers, Microsoft and British Telecom announced as part of the Sandbox's debut that a series of design and development contests will begin this month.



Mashups Getting Caught in Web 2.0

(continued from page 1)

new APIs at an almost-daily rate, reaching 354 on Jan. 2. The library of mashups on ProgrammableWeb is even more extensive, totaling 1,410 as of the 2nd; a "Mashup Matrix" tracks the combinations of APIs and is updated daily.

Although discussions of the W3C's Semantic Web project often go deeply into ontologies — the concepts and relationships that describe and represent an area of knowledge — and the use of the Resource Description Framework to model these relationships, there's no formal requirement for either of these concepts in a mashup. In the cases of both the Semantic Web and a mashup, Uniform Resource Identifiers are used to define the relationships as well as their end points.

To date, many of the mashups one finds use the same model as the initial example: Take some data, add a map, and there's the mashup. That's due in part to the relative accessibility of high-quality maps online, thanks to Google, Yahoo and others, and the relative simplicity of displaying data against a map.

The combination of APIs, XML and good old-fashioned screen-scraping can become increasingly complex, but since many Web APIs attempt to be language-agnostic, developers can assume that their choice of tools is likely to be driven more by their own comfort level than by a tool's compatibility with a given API.

But that's just the beginning, compared with where some of the Internet's big players want to go with the mashup model. Whether it's Microsoft's focus on communications (see "Microsoft Creates Sandbox for Telco Mashups," above), or Sun's blend of entertainment and news at The Big Mashup (www.sun.com/thebigmashup), it's clear that the Web-as-a-platform is the next big thing.

But for it to be useful in the enterprise, it requires more than just APIs and XML, Bloomberg contends. "The overlap between the Web 2.0 world and the enterprise world is what we call the 'enterprise mashup.' What makes them 'enterprise' is that the services are loosely coupled; that is, they're managed, they're secure, there's governance in place to deal with ... the policies that apply to how organizations use services," he said.

"Governance is really the key," Bloomberg continued, "because no enterprise is just going to allow anyone to put any service they want together, however they like, the way you would with Google Maps. In the enterprise, services have sensitive information, and sensitive capabilities. You can't just take the free-for-all ... aspect of Web 2.0 and import it into the enterprise, without thinking through the whole governance question."



MASHUP MAKERS HELP MAKE BUSINESS CASE FOR WEB 2.0

BY JENNIFER DEJONG AND DAVID RUBINSTEIN

Mashup makers are the new darlings of the Web 2.0 world, and two companies are offering new ways to create these composite applications.

IBM is pushing QEDWiki, its Web 2.0-based mashup maker that uses widgets — in this case, small fragments of DHTML that encapsulate content — to connect disparate data providers into a single framework. IBM announced last month that it is working with AccuWeather to provide situational, weather-related applications using QEDWiki, which is coming out of IBM's Emerging Internet Technology group.

Paul Raymond, senior product manager at AccuWeather, used the example of a commodity trader in energy futures needing to know weather conditions that could affect oil production or discovery, as well as news of geopolitical events and global inventories. QEDWiki is being positioned by IBM as an enterprise platform to enable businesses to create situational applications as needed, and Dan Gisolfi, IBM's executive IT architect for emerging Internet technologies, said the company is lining up partners to help build out the widgets, which provide the business value for Web 2.0 technologies such as wiki, RSS and AJAX.

Meanwhile, at the Gartner Application Integration and Web Services Conference last month, dot-com-era survivor Kapow Technologies launched openkapow (www.openkapow.com), an online community that lets developers download RoboMaker, the client software designed for use with the company's Mashup Server 6.0.

RoboMaker is essentially a visual scripting tool that lets developers bring together Web content in order to create an application, said Kapow chief marketing officer Joe Keller. RoboMaker is free, but the resulting applications are designed to run on the Kapow server.

RoboMaker can output information in "any interface you want," including HTML and XML, as well as Microsoft .NET and Java APIs, said Keller.

Kapow dates back to 1999, when the company built online marketplaces for boats, and other offerings. When the dot-com bubble burst, the company took the technology used to build those sites and began to offer it commercially, said Keller.

Now the company is hoping that openkapow, which lets developers share mashup applications they have created, will help create awareness.
Oracle Clarifies Application-Specific Database Strategy

BY P. J. CONNOLLY

As an early holiday gift to its customers, Oracle last month better defined its road map and strategy for application-specific databases, which had become somewhat muddied by the past couple of years' worth of acquisitions.

The company's reputation lies largely in its success as an enterprise-grade supplier of applications and databases. But as Rex Wang, Oracle's vice president for embedded systems marketing, observed, "We have a serious interest in the embedded market, [which] emanates from our belief that the market is significant and growing. Because this space is so broad and growing ... [and] the technical needs are so diverse, we need to offer developers that kind of choice."

The company's flagship product for application-specific databases is, naturally enough, Oracle Database 10g, which allows developers to make use of the advanced management and relational database features they're used to in an Oracle product. Wang observed that "most people don't think of [Oracle Database 10g] as an embeddable product, but it actually is ... it can be packaged along with the application, it can be installed and configured silently along with the application, and during runtime, it can be configured to be self-managing as well."

Meanwhile, Oracle Database Lite 10g R2 provides tools designed to support offline and online modes, with periodic synchronization back to an Oracle database.

Other application-specific database lines are being pitched at particular niches. Oracle TimesTen offers the performance advantages of a real-time, in-memory database engine with replication and caching options, while the Berkeley DB family is aimed at those customers who value the open-source approach and don't need the full power of a relational database.

"Some people can predict at design time how they're going to access the data, so they can write code to go get it," Wang said.

The latest iteration of the database, Berkeley DB XML 2.3, became available last month and adds an event API for integration with third-party XML parsers and processing tools, with updates to XQuery and XPath, in line with the proposals for these projects pending before the W3C. The new release also includes performance enhancements in node storage, query optimization and execution, and support for MVCC (Multi-Version Concurrency Control) containers.

Wang sees very little overlap in the application-specific database portfolio. "It's not a one-size-fits-all job. The requirements [can be] radically different."

According to Wang, improving the interoperability of all of Oracle's embedded databases is a priority. "We are integrating these products in interesting ways," Wang said.



Vista to Support Gemalto Smart Cards 



BY P. J. CONNOLLY 

The attraction of personal computer security devices such as smart cards and tokens has been mitigated until recently by the devices' dependence upon specialized configuring and programming tools. The proliferation of these stand-alone utilities doesn't always sit well with managers and users that want tooling to act as part of a framework, instead of being a programming island.

Gemalto recently announced with Microsoft that Windows Vista would recognize its solution to this problem — smart cards and tokens that support the .NET Framework — without any further configuration. Older Windows versions will require a plug-in to support these devices, which can be programmed as if they were any other .NET end point. The cards contain an implementation of the Common Language Infrastructure and an optimized version of the .NET Framework, and allow multiple applications to be stored on board.

Developers that want to configure Gemalto's .NET smart cards can integrate their development tools into Visual Studio .NET and allow the integration of smart card support into other applications while adding access to advanced cryptographic services. Gemalto was formed in June 2006 by the merger of Gemplus International and Axalto.

When used with Microsoft's forthcoming Certificate Lifecycle Manager, due later this year, these devices and others like them may help accelerate the deployment of a digital certificate-based infrastructure, with applications including document signatures, e-purse services and physical access control.
AJAX Powers Up Better Web Sites

But what about better bottom line performance for .NET component makers?

BY JENNIFER DEJONG

From Google maps to the travel search engine Kayak.com, evidence is mounting that AJAX makes for a better user experience on the Web.

But will it also make for better fortunes among .NET component developers that AJAX-enable their presentation layer tools?

The jury is still out on that, but .NET presentation layer tool makers are collectively betting that it will. AJAX, which stands for Asynchronous JavaScript and XML, is a natural fit for them. It provides a way to make interactive the charts, graphs, maps, grids, dashboards, buttons and other user interface elements they sell. Not surprisingly, they have embraced the Web development technique aggressively, adding AJAX capabilities to their product lines, which are aimed at developers who don't want to code user interface elements from scratch.

"AJAX has added a huge amount of functionality to our tools," said Ed Worsfold, director of marketing at Dundas Software. The company's products help create dashboards for financial and other enterprise applications that can rely on vast amounts of historical data. "You can move the cursor to the [year and month] you are interested in, and the real-time data is refreshed, without flickering," he said. "AJAX is a buzzword. But let's face it; it's pretty neat stuff."

Sophisticated financial reports require the running of complex algorithms, added Rene Garcia, president of Software FX, which sells charts and other data visualization tools. Before AJAX, that was difficult to do without keeping the Web user waiting, he said. "It took many trips back to the server." Now an item on the page can be refreshed quickly, without waiting to refresh the entire page, he said.

AJAX BEFORE AJAX 

Reducing time-consuming trips to the server is what AJAX is all about. The Web development technique brings together several different technologies, including JavaScript, XML and the Document Object Model to enable users to interact with Web apps in a more dynamic way. It overcomes the limitations of the traditional, thin-client Web browser model, which requires constant calls back to the server to respond to user requests. "Post back, post back, post back made for a poor user experience," said Infragistics vice president of product marketing Jonathan Cohen, referring to the traditional approach to refreshing content in ASP.NET.

Before AJAX, Web users waited while entire pages refreshed, says Software FX's Garcia.

The term AJAX was coined in 2005. But the technology it is based on is not new, noted Cohen. "We were doing AJAX before it was AJAX." Infragistics, which sells suites that include charts, menus, toolbars and a host of other controls, began using a client-side object model that relied on JavaScript a few years ago, he said, referring to the technology XML Load-On-Demand.

That was also the case for Dart Communications, which sells grids, buttons, drop-down lists and other controls for ASP.NET. Its LiveControls offerings did rapid updates on Web pages without going back to the server before the term AJAX was actually coined, said Dart vice president of sales and marketing Lisa Ross. The advent of the term AJAX, which Dart embraced as a marketing message, helped put the company's offerings on the map, she said. "LiveControls began to take off. There were literally hundreds of people looking at it."

TOO SOON TO TALLY PROFITS? 

AJAX has had a significant impact on presentation layer tool makers' products and how they market them. But it hasn't necessarily made the companies that sell AJAX-enabled components more profitable. That may be because AJAX adoption has only just begun, said Ross. "Companies don't jump on the bandwagon the second something is out. A year ago, people didn't know what AJAX was." But now they do, she said.

Most of the .NET component makers that SD Times interviewed said AJAX has resulted in an uptick in sales. But none of the companies, which are privately held, offered concrete evidence of that trend.

"It's hard to come up with any number. But we are doubling the revenue every year, and AJAX [is a part of that]," said Arman Eshraghi, CEO for LogiXML, which sells charts and other reporting tools that let developers incorporate financial and other sophisticated reports in enterprise applications.

The term AJAX was coined in 2005, but the technology isn't new, notes Infragistics' Cohen.

SPECIAL REPORT

Software Development Times . January 15, 2007 . www.sdtimes.com

AJAX AT A GLANCE

WHAT IS AJAX?: AJAX, which stands for Asynchronous JavaScript and XML, isn't a single technology. It's a Web development technique that includes the following:

• Standards-based presentation using XHTML and Cascading Style Sheets

• Dynamic display and interaction using the Document Object Model

• Data interchange and manipulation using XML and Extensible Stylesheet Language Transformation (XSLT)

• Asynchronous data retrieval using XMLHttpRequest

• JavaScript, which binds everything together

HOW IT WORKS: Instead of loading a Web page at the start of a session, the browser loads an AJAX engine, written in JavaScript and usually tucked away in a hidden frame. This engine is responsible for both rendering the interface the user sees and communicating with the server on the user's behalf. The AJAX engine allows the user's interaction with the application to happen asynchronously — independent of communication with the server. Every user action that would normally generate an HTTP request takes the form of a JavaScript call to the AJAX engine instead. Any response to a user action that doesn't require a trip back to the server — such as simple data validation, editing data in memory and even some navigation — the engine handles on its own. If the engine needs something from the server in order to respond — if it's submitting data for processing, loading additional interface code or retrieving new data — it makes those requests asynchronously, usually using XML, without stalling a user's interaction with the application.

Source: www.adaptivepath.com/publications/essays/archives/000385.php
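The division of work described in the "AJAX at a Glance" box, and the point made earlier on the page about validating user input, as an added example that is not from the article or from any vendor named in it. The ticker rule, the quote data and all function and class names are constructed, and a queued in-process transport stands in for XMLHttpRequest so the code runs outside a browser. It shows the engine answering validation and in-memory data without a server trip, and the server repeating the same validation because a request can reach it without passing through the engine.

```javascript
// Added example; every name and value here is constructed for illustration.

// Rule applied on both sides: a ticker symbol is 1 to 5 uppercase letters.
function isValidTicker(value) {
  return typeof value === 'string' && /^[A-Z]{1,5}$/.test(value);
}

// ---- Server (simulated in-process; stands in for the HTTP endpoint) ----
const QUOTES = new Map([['IBM', 97.1], ['ORCL', 17.2]]); // constructed data

function serverHandle(request) {
  // The server cannot assume the engine ran, so it validates again.
  if (!request || !isValidTicker(request.ticker)) {
    return { status: 400, error: 'invalid ticker' };
  }
  if (!QUOTES.has(request.ticker)) {
    return { status: 404, error: 'unknown ticker' };
  }
  return { status: 200, ticker: request.ticker, price: QUOTES.get(request.ticker) };
}

// ---- Transport: queues requests and answers later, like an async request ----
class QueuedTransport {
  constructor(handler) {
    this.handler = handler;
    this.pending = [];
  }
  send(request, onResponse) {
    this.pending.push({ request, onResponse });
  }
  // Simulates responses arriving; returns how many were delivered.
  deliver() {
    const batch = this.pending.splice(0);
    for (const { request, onResponse } of batch) {
      onResponse(this.handler(request));
    }
    return batch.length;
  }
}

// ---- Client-side engine: every user action is a call to lookup() ----
class AjaxEngine {
  constructor(transport) {
    this.transport = transport;
    this.cache = new Map(); // data already held in memory
    this.view = new Map();  // what the interface currently shows per ticker
  }
  lookup(rawInput) {
    const ticker = String(rawInput).trim().toUpperCase();
    // Simple validation is answered locally, with no server trip.
    if (!isValidTicker(ticker)) return 'rejected-by-engine';
    // Data already in memory is answered locally as well.
    if (this.cache.has(ticker)) {
      this.view.set(ticker, this.cache.get(ticker));
      return 'served-from-memory';
    }
    // Anything else goes to the server; the callback updates the view later.
    this.transport.send({ ticker }, (res) => {
      if (res.status === 200) {
        this.cache.set(ticker, res.price);
        this.view.set(ticker, res.price);
      } else {
        this.view.set(ticker, res.error);
      }
    });
    return 'request-queued'; // returns at once; the user is not blocked
  }
}

function runDemo() {
  const transport = new QueuedTransport(serverHandle);
  const engine = new AjaxEngine(transport);
  const out = {};
  out.first = engine.lookup(' ibm ');             // needs the server
  out.shownBeforeReply = engine.view.has('IBM');  // nothing displayed yet
  out.bad = engine.lookup("IBM'--");              // stopped in the engine
  out.delivered = transport.deliver();            // the one queued reply arrives
  out.shownAfterReply = engine.view.get('IBM');
  out.second = engine.lookup('IBM');              // now answered from memory
  out.pendingAfterSecond = transport.pending.length;
  // A request sent without the engine still meets the server-side check.
  out.bypass = serverHandle({ ticker: "IBM'--" }).status;
  out.unknown = serverHandle({ ticker: 'ZZZZ' }).status;
  return out;
}
```

The engine's check saves a round trip for honest users; the check in `serverHandle` is the one that protects the application.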

Sales for .NET components are doing very well, added Dundas' Worsfold. "The company has doubled in size since last year, but it's not just AJAX." ComponentOne has also seen sales increase, said the company's technology evangelist John Juback. But AJAX has also created new challenges, he said. "There are more platforms to test against."

The true impact of AJAX will be realized when AJAX-enabled Web sites become commonplace, and users begin to demand the increasingly sophisticated Web experiences that AJAX makes possible.

"The bar has been raised," said Infragistics' Cohen. Web sites such as Google Maps (which uses AJAX) have had an impact, he said. "The catalyst is the user, who is finally seeing a good user experience, and developers will have to deliver that."

Web users are becoming more demanding, added Dart senior engineer John Talarico. "They will recognize that the older Web experience is disruptive, jerky and difficult to navigate," he said. "Our feeling about AJAX is that [Web developers] won't have any choice but to implement it."

Web users are becoming more demanding, says Dart's Talarico.

That is just the tip of the iceberg, according to LogiXML's Eshraghi. "AJAX will ultimately create new types of businesses," he said, offering the travel search engine site www.kayak.com as an example. In the past, Web users could go to sites such as www.orbitz.com and buy a ticket. But Kayak.com searches all travel sites on the Web to find the best fare, he said.
FROM THE EDITORS

Mashups Offer Redemption, Renewal

For years, it's been common for software developers and their managers to be asked by end users for a feature, only to have to reply, "It's just not possible." When the stumbling block wasn't money, personnel or time, the problem was that the technology simply didn't exist.

Some of us remember when the obstacle was simply getting two computers to communicate. With a lot of time and hard work, and the rise of standard networking protocols, that problem was solved. Then the big issue became data interchange, because in the years that had passed, companies found themselves storing data in a variety of incompatible formats; in much the same way as hardware and operating systems evolved, standard means of data exchange were developed and accepted.

This brings us to 2007, where TCP/IP and XML are the common plumbing upon which business applications rely. The client/server model that required dedicated software on every user's workstation has been replaced by a distributed model, where browser-based access is king, the value of a service is measured by the accessibility of its API, and executives are realizing that data can be an asset instead of a cost.

The opportunities for corporate developers to deliver flexible applications to address their end users' needs have never been greater. Enterprise software managers have a unique chance to make good on the promise of technology in ways even seasoned IT professionals didn't dare dream of a decade ago.

The corporate mashup has to be user-driven, and treated in a fashion completely unlike the typical business application development cycle. A good mashup will never be "done" per se, but will instead be flexible enough to tweak in response to changing business needs, without disrupting the user experience.

Although the success of the business mashup will be closely aligned to user acceptance, it's going to fall to IT to make it happen. With the increasing scrutiny of the datacenter in the name of "governance," there's no chance of putting end users in control of how the newly exposed services are defined and used.

That puts the onus squarely on software developers and their managers, who have to reopen the dialog with their end users, and rethink what a business application should be. This is more than just a matter of putting a new interface layer on the same old underpinnings; the ability to combine data and services in a mashup offers developers and managers a chance to start with a relatively clean slate. How many times does that happen?



Web Security 2.0 



Just when you thought it was safe to deploy your Web applications, 
along comes a whole new crop of vulnerabilities. SQL injection is 
passé; buffer overflows are, like, so totally five minutes ago. Today's Web
2.0 applications, using technologies like AJAX, SOAP and RSS, present 
new APIs — and new places for criminals, viruses and worms to exploit. 

The complexity of the new paradigms means that it's more important 
than ever before to design security into applications. The architect must 
think about security; coders must be vigilant; acceptance testing needs to 
look for vulnerabilities. Any code that's exposed on the Internet or an 
intranet faces new dangers. 

Part of the danger is that code walk-throughs and diligent practices 
aren't enough. The messages and protocols are too complex, and there 
are too many application frameworks, runtime engines and other pieces 
of the application stack involved with any Web 2.0-style deployment. 

Not only are development teams going to be required to learn and 
adapt to new security vulnerabilities, but they're probably going to have 
to adopt commercial tools to help with static analysis and runtime mon- 
itoring. That's an expense that nobody budgeted for. But it's the price 
we're going to pay for the next-generation Web.



High-Security Systems Need 



Many applications depend on soft- 
ware in a very critical way. Think 
about safety-critical applications, such as 
those used to control the avionics of 
commercial and military planes. Every 
time you get on any modern plane such 
as a Boeing 777, you literally place your 
life in the hands of a complex software 
program. A bug in this program could 
easily cause a fatal crash. 

And yet we have had no 
deaths on commercial aircraft 
that can be attributed to soft- 
ware errors. We actually know 
pretty well how to build reliable 
software when we need to. It 
takes special techniques, which 
for sure are not used in most of 
the unreliable software that we 
see around. These techniques 
involve use of appropriate lan- 
guages, as well as specialized testing and 
certification protocols. In some cases, 
mathematical "formal" methods are used 
to demonstrate that the code is error-free. 

This surprises some people, who 
think that it is normal for large systems 
to be full of errors, and certainly we are 
surrounded by unreliable software. The 
777 actually is a very nice illustration: 
The one component of the software that 
was not designed to meet safety-critical 
requirements was the cabin entertain- 
ment system, and as many experienced 
travelers know, this system is full of 
glitches and often breaks down. 

Another case arises in the high-securi- 
ty area, where we worry not only about 
bugs, but about external attacks, including 
possible cyberterrorism. Just as an archi- 
tect designing a building has to take into 
account not only structural soundness in 
"normal" conditions (including extreme 
weather), but also intentional attacks from 
terrorists or others, there are applications 
where being bug-free is not good enough. 

THE VOTING MACHINE CASE 

A case of software security that has cen- 
ter-stage attention these days is the code 
that controls voting machines. Voting 
machines are not a safety-critical appli- 
cation in the classical sense; no one dies 
if the application fails. Well, more accu- 
rately, no one dies directly, but indeed 
the possible consequences of inaccurate 
recording of votes are staggering, and in 
the worst case it could undermine criti- 
cal public faith in the voting process. 
This is arguably an even much more crit- 
ical application than the 777 avionics. 

Consequently, you would assume that 
the software is written with the same 
kind of care. Well, if you assume this, you 
are sadly mistaken. The code is propri- 
etary, and undergoes no kind of formal 
certification or testing of the kind we use 
for planes. Furthermore, as evidenced by 
reports emerging in news stories, the 
software is full of errors. As one example, 





the recent disappearance of thousands of 
votes in a Florida district in the 2006 
election confirms our worst fears. Just 
suppose that control of the Congress 
depended on that outcome — we would 
be in a very serious situation. 

The voting machine case also raises the 
security issue in an extreme form. Any 
number of parties both internal and exter- 
nal could be interested in 
influencing our elections. 
Computer science profession- 
als have repeatedly demon- 
strated that the voting 
machines in current use can 
be hacked into changing 
results, and far too many peo- 
ple are in a position to dupli- 
cate this kind of feat. 

So what shall we do to pre- 
vent this? One proposal is that 
we should make the code in voting 
machines open source. This discussion has 
heated up in recent days (see The New 
York Times front page story from Dec. 8, 
2006, "Changes Are Expected in Voting by 
2008 Election"). The Federal Election 
Assistance Committee is requiring that 
voting machine code be made available for 
federal inspection (currently it is a closely 
held proprietary trade secret, and we rely 
on the companies to test their own code). 
A bill proposed by Rep. Rush Holt, D- 
N.J., would go further and require the 
code to be made public, a step toward the 
open-sourcing of such code recommend- 
ed by many scientists in the field. 

CLARIFYING OPEN SOURCE 

Let's look at exactly what we mean by 
open source. It is indeed a somewhat 
general term, with several different 
components. First, there is the impor- 
tant fundamental quality that the source 
code can be examined by anyone. That's 
probably the most important aspect in 
the voting machine case. Second, there 
is the issue of avoiding normal propri- 
etary restrictions that prevent redistrib- 
ution and modification of the code. 

In the case of voting machine code, it 
is important that if flaws are found, they 
can be fixed without the manufacturer 
standing in the way. Finally, open source
refers to a free environment in which 
code is created by an open community 
cooperating. 

This open development can be useful 
in achieving rapid development, but must 
of course be somewhat restrained if we 
want to build highly reliable systems. We 
can't have anyone anywhere making arbi- 
trary changes to the software. In fact, in 
practice, open-source software is often 
very carefully controlled by its community. 

At first glance, the idea of making the 
voting machine code public seems like an 
obviously advantageous idea. Not only do 
we now have thousands of skilled pairs of 
eyes examining the code for flaws, but we 
can also assess the quality of the code.

If we see a pile of ill-organized 
uncommented code written in C++
using all the tricks of that complex lan- 
guage, we may conclude that such code 
was not built in a manner consistent with 
requirements for security. To produce
reliable systems, we have to use rigorous 
development techniques, analogous to 
how an architect designs a building. We 
don't let just anyone design and con- 
struct a building in a haphazard manner, 
leaving it to building inspectors after the 
fact to guarantee safety, and we can't 
produce reliable software in a haphazard 
manner either. 

In the software arena, we use appropri- 
ate languages for safety- or security-critical 
software development — for example, a 
rigorously controlled language 
subset designed for such 
purposes — and we fol- 
low standardized de- 
velopment techniques. 
If/when the code and its 
supporting project docu- 
mentation are opened 
up, we can check that the 
system was developed 
using appropriate tech- 
niques, including per- 
haps the formal testing 
materials we would ex- 
pect for avionics code. 

Furthermore, if we open-source the 
code, the hackers of the world (and we 
use this term in its original non-pejora- 
tive sense) who delight in finding errors 
in code, will be quick to point out prob- 
lems they find, and report them. 

A LOOK AT THE OBJECTIONS 

All in all, open-sourcing voting machine 
code seems a clear win, so what's the ob- 
jection? 

There are two objections. First, the 
manufacturers claim proprietary rights, 
and object to their trade secret code 
being revealed. 



Frankly, I find such objections disin- 
genuous. If the designers of the new 
building replacing the World Trade 
Center refused to share any details of 
their design with the public, and simply 
promised us that it would be safe, we 
would not let them break ground. The 
security of our republic depends on reli- 
able voting in which the public has con- 
fidence. The proprietary rights of a few 
companies cannot take precedence over 
this. There are many ways in which such 
companies can be properly compensat- 
ed for their work, not least of which is 
the revenue from selling the machines. 

A more fundamental argument is that 
open-sourcing the code will reduce 
security by giving hackers (in the more 
modern evil sense), terrorists and others 
who would subvert 
our democracy ac- 
cess to the code 
so they can look 
for flaws. Michelle 
Shafer, a vice presi- 
dent at Sequoia Vot- 
ing Systems, said 
that while the indus- 
try was willing to give 
the source code to a
small number of spe- 
cific individuals with a 
need to know," making 
it universally available 
would give it to people with malicious 
intent, making the system less secure. 

Is this argument valid? Well, certain- 
ly if the code is made public, there will 
be those looking for flaws to exploit. So 
are we better off relying on keeping the 
code secret? Perhaps we might think so, 
if there were such a thing as a secret 
(something no one knows). But in real 
life there are no secrets. If we rely on 
secret code that is buggy and attackable, 
then we are relying on the integrity of 
those who know the secret. 

The "No More Secrets" phrase from 
the movie "Hackers" is really what gov- 




erns here. We just cannot rely on 
secrets to protect knowledge of serious 
flaws. Even if the secret is held careful- 
ly, competent hackers can reverse-engi- 
neer software components to find out 
what is inside them. (This happens all 
the time with Microsoft's Windows, 
where security flaws are discovered 
using this technique.) I once heard a 
talk by Markus Kuhn, now at Purdue, at 
that time at Cambridge University, in 
which he described the techniques that 
had allowed them to reverse engineer 
all smart cards they had ever seen in the 
lab, and determine the code they con- 
tained, despite the fact that these cards 
were designed to make this impossible. 
Instead of relying on secrecy, we must 
achieve code that is demonstrably error- 
free and safe from attack. The only way to 
achieve this is to allow general public 
inspection, and the only way that the pub- 
lic can have confidence is if the profes- 
sional community can examine the code 
and proclaim that it meets the highest 
standards. The current situation is that 
this community of experts, relying on 
reverse engineering, finds lots of errors 
and undermines any confidence we could 
have that the code is correct. 

RESTORING CONFIDENCE 

Voting machines are a pillar of our 
democracy, and just as democracy 
belongs to the people, all the details of 
this pillar must also belong to the peo- 
ple. If we lose faith in our electoral 
process, the damage done is irreparable. 
In the coming months, the debate on the 
Holt bill will make this issue central to 
the public debate. I see only two viable 
possibilities. Either we return to paper 
and mechanical devices we trust, or we 
open up the technology so that the new 
electronic machines can earn the same 
level of confidence. Perhaps the public 
debate over the voting machine case will 
serve to educate the public on this 
important general issue.

Robert Dewar is president and CEO of 
AdaCore, and is also emeritus professor of 
computer science at New York University. 



Active and Class 2 Passive Tags Driving RFID Growth 

A recent report from Aberdeen Group highlights the enabling role of 
radio frequency identification (RFID) technology in improving the visibility
of supply-chain operations. Although RFID tags aren't a solution
to supply-chain problems, they do allow businesses an unprecedent- 
ed glimpse into the movement of goods across the globe. 

"Total Supply Chain Visibility With RFID" discusses the realities of 
RFID solutions, cautioning businesses against adopting solutions that 
promise short-term ROI while ignoring the need for future scalability, 
and conceding that a collaborative and comprehensive RFID supply- 
chain solution is neither cheap nor easy. 

According to the November 2006 report, cross-platform compati- 
bility and flexibility are driving the adoption of the more advanced 
EPC (electronic product code) Class 2 passive tags, which hold more 
data than Class 0 or Class 1 tags, and can be updated during the supply
process. Active tags are proving especially popular in cases where
the tags can be reused, or where the product is especially valuable. 
These will be the fastest-growing RFID technologies, according to
Aberdeen Group, which compiled the figures from a survey of more 
than 500 supply-chain companies; those not yet using RFID were 
asked about their planned deployments.

Source: Aberdeen Group




Software Development Times 

Issue No. 166 

January 15, 2007 




BZ Media LLC 

7 High Street, Suite 407 
Huntington, NY 11743 
+1-631-421-4158 
fax +1-631-421-4045 
www.bzmedia.com • info@bzmedia.com 



I've decided to stop being polite about
the WS-* stack. I shipped my first 
XML-over-HTTP solution more than 
seven years ago. SOAP didn't exist, so 
we just used servlets to parse requests 
and respond appropriately, a technique 
that today is called "Plain Old XML" 
(POX). We did lots of things that, in lat- 
er years, would be considered wrong — 
we didn't use namespaces, we didn't fret 
a great deal about validation, we con- 
structed our XML using string-process- 
ing commands — and, of course, there 
were pain points in what we developed. 
Yet we shipped. 

In 2000, I first heard the refrain that's
become so familiar since: The coming 
wave of vendor-provided tools would 
simultaneously simplify development and 
enable new scenarios. Simplify? Con- 
structing and parsing XML documents 
was even then about as hard as falling off 
a log, but anything can be made easier. 
The new scenarios envisioned in the year 
2000 centered around guarantees: deliv- 
ery, execution (via transactions) and pri- 
vacy (via encryption). Quicker than you 
can say "https," these were then bundled 
together into a "distributed trusted trad- 
ing partner supply-chain." In the face of 
such an important-sounding thing, I 
began my sorry history of capitulation. 
POX worked well for me and Roy Fielding's
thesis (roy.gbiv.com/pubs/dissertation/rest_arch_style.htm)
seemed eminently
logical, but, geez, if you're trying to pro- 
gram a supply-chain with distributed 
trusted trading partners, then maybe 
WS-* has its advantages. 

Every year since then, it's gone the 
same way: I worked on systems and, 
invariably, those that used POX and 
REST had very little pain 
about tooling and debugging. 
Those that used WS-* proto- 
cols generally went fine — as 
long as everyone used the same 
tool set. If they used .NET 
exclusively, great. If they used
Axis exclusively, great. If they 
used Random Programming 
Language exclusively, great. 
But what about when worlds 
collide? When you try to point 
a Java-based tool at a .NET-generated 
WSDL file or vice versa? Trouble. 

I've advocated REST and POX in this 
column over the years, but never at the 
expense of WS-*, for which I always gave 
a "to be sure, complex scenarios may 
call..." deferral. No more. The final straw
came when I found myself tracing a 
WS-* service call with a network sniffer. 
A network sniffer! In order to see why my 
multihundred-dollar, best-in-breed tool 
wasn't able to interact with my "simple" 
Web service! What is this, NetWare in 
1992? With REST, the URI endpoint for 
the communication is universally reach-
able — point a browser at it to see the 
client view, toss a server page in there to 
see the server view. With POX, you're just 
a cut-and-paste away from parameter and 
response validation and automation. 

Do problems about types and seman- 
tics arise with REST and POX? Of 
course they do. But, and this 
is the point that is skipped 
over by the WS-* salesmen, 
the same problems arise with
WS-*. The very point of a ser- 
vice-oriented architecture is 
that you're cleaving a very 
complex domain into a set of 
subdomains with different
responsibilities; the complexi- 
ty of negotiating what travels 
across the borders between 
those domains is an essential, not acci- 
dental, characteristic. In the face of such 
complexity, the best architectural choice 
is the one that provides the most visibili- 
ty, so that problems and ambiguities can 
be quickly identified and addressed. 

In the case of function calls and pro- 
gramming languages, I take this principle 
to advocate for explicit typing. In the case 
of service calls over the network, this prin- 
ciple advocates for REST and POX. This 
initially may seem contradictory, but not 
when you consider another fundamental 
principle of network service design: Web 
services must be coarse-grained. For in-
memory functions, a typical program con- 
tains calls to dozens or hundreds of differ- 
ent functions, and outside of embedded 
systems, there's little penalty and general- 
ly some clarity in designing fine-grained 
functions. In that situation, explicit type 
information (and unit testing, documenta- 
tion, etc.) help with comprehension. 

The cost of transporting a call over 
the Internet, though, is huge. Each call 
in a properly designed service-oriented 
architecture involves significant prepara- 
tion and post-call work (UIs based on 
AJAX are dramatic, and kludgy, excep- 
tions). The vast majority of developers 
understand the issue and design coarse 
Web service calls. When parameters or 
responses are expressed in large, hierar- 
chical, text-based chunks (in other 
words, as XML documents), the added 
benefits derived from automating the 
parameter types are minimal. As for the 
rest — security, transactions, discovery 
and so forth — the WS-* forces have 
failed to prove their case. WS-* is harder, 
not easier, than REST to implement. It's 
less, not more, interoperable. It's the 
product of vendor committees, not prob- 
lem-solving developers. For more than 
half a decade they've promised, "The 
ease-of-use breakthrough will come real 
soon now." It hasn't. The debate should 
be put to REST.

Larry O'Brien is a technology consultant,
analyst and writer. Read his blog at
www.knowing.net.



Making Your Own PDFs 



Many software packages today have 
some kind of bundled reporting 
option. Many of these packages use 
either a home-brewed solution or they 
depend on the seemingly ubiquitous 
Crystal Reports engine. Increasingly, 
though, users expect that a PDF report 
can be generated, rather than the usual 
HTML display or Microsoft Word or 
Excel-based document. 

In the past, these PDF-oriented users 
would fend for themselves by getting 
software that would create a virtual print- 
er on their system. Documents "printed" 
to this device would be rendered as PDF 
files that the user was then free to save as 
needed. Adobe's Acrobat package pro- 
vides one such solution. Another good 
option is pdfFactory from FinePrint 
(www.fineprint.com). There are also 
some freeware products that offer similar 
functionality. However, not having tried 
them, I cannot vouch for them. 

But this approach is hardly right for 
the majority of users, who are unlikely to 
install a printer driver just because you 
couldn't figure out how to provide them 
with reports in PDF. Fortunately, you 
have options. 

There are several commercial packages,
such as the ActivePDF (www.activePDF.com)
line of products that do
document conversion or generation of 
PDFs. In their standard configuration, 
they reside on a server and handle docu- 
ments either from client systems or gen- 
erated on the server itself. These products 
tend to be especially strong in handling 
PDF-based forms, which are filled in 
incrementally as various stages 
of a transaction are executed. 

The most flexible solution 
for PDF creation I have 
encountered, however, is a 
free, open-source library 
called iText (www.lowagie.com/iText).
This is a Java
library with an extensive API 
set for controlling all facets of 
document generation. iText 
handles even tricky elements 
with aplomb: multiple columns, embed- 
ded images, justification, multiple fonts, 
including fonts that read from right to 
left, and so on are all provided for with 
straightforward API calls. 

The most common use of iText is on a 
Java server, from where it spits out PDFs 
to the servlet engine, which then delivers 
it to the user. Frequently, you will code 
the document using the basic APIs, leav- 
ing certain areas blank. Then as you run 
the report, you fill these areas with data
and write them out to the document 
using iText calls. The library can also out- 
put HTML and Microsoft RTF files. 

While the iText Web site has remark- 
ably good documentation on it, the best 
place to get the information you need — 
especially in the case of using iText in con- 
junction with JSPs and Web 
frameworks — is in a newly re- 
leased book, "iText In Action" 
from Manning Publications, a 
publisher of consistently high- 
quality niche books. This vol- 
ume is no exception, and it 
makes a topic that will surely 
be foreign to many users 
entirely approachable. 

iText is remarkable for its 
comprehensive feature set. 
Just about anything you can do in PDF 
(watermarks, signatures, security, metada- 
ta, tagging and so forth) can be done in 
iText. What surprised me is that iText is 
unique: To my knowledge, there is no oth- 
er freeware package with its capabilities, 
or even a large subset of them. Unique- 
ness in open source, where almost all pro- 
jects have several direct, competing coun- 
terparts, is comparatively rare. Perhaps 
due to this, the iText team is just completing
a port to the .NET platform. (See
itextsharp.sourceforge.net.) It is written in 
C# and runs on .NET 1.1 or later. The lead 
on the iText project, Bruno Lowagie, at 
the University of Ghent, in Belgium, hints 
that other ports are likely in the future. 

My own exposure to iText has come in 
the context of an open-source project I 
work with, called Platypus (platypus.pz.org),
which is devising a document
specification language in the spirit of 
TeX. The funny name is a loose acronym 
for Page LAyout and TYPesetting for 
USers. The "for users" is a key point: It 
seeks to be far easier to use than TeX or 
LaTeX. It also will have special capabili- 
ties for program code (such as intelligent 
line breaks for code and the ability to 
embed numerical symbols for reference 
in subsequent text). A reporting engine is 
an additional feature. 

The project, in Java, was restarted 
when iText was discovered. Previously, 
Platypus was written in C and focused 
on providing the low-level functionality 
that iText delivers comprehensively. And 
so, from this experience, I am intimately 
aware of how easy iText makes PDF 
document creation and can recommend 
it as an excellent solution for your next 
report project.

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his blog at
binstock.blogspot.com.
Intel's Multicore Corps



By the end of 2007, 100 percent of 
the server processors produced by 
Intel will be multicore, and about 90 
percent of the processors it creates for 
desktop and laptop computers will also 
have two or more cores. 

Yet getting developers educated to 
take advantage of these multiple cores 
has not been a part of any traditional 
development curriculum — 
primarily because up until a 
few years ago, there were no 
multicore processors available 
to work with. 

So Intel, through its Soft- 
ware and Solutions Group 
(SSG), is embarking on a 
number of initiatives to 
advance the technology, and 
the knowledge base required 
to leverage it. 

The group, which employs some 
3,000 people, already reaches out to 
ISVs and the major operating system 
vendors to see how they can take advan- 
tage of the multiple cores and virtualiza- 
tion technology available in the chip 
platforms. 

In a global effort to drive adoption of 
the new hardware capabilities, Intel has 
set up curriculum in 45 universities 
around the world in threading of code 
and parallelism, to help developers 
understand and leverage the new chip 
architecture. 

According to John Middleton, 
director of marketing for the SSG, uni- 
versities in North America and else- 
where have been equally receptive to 
the new coursework. "At universities in 
North America, where [computer sci- 
ence] programs are more established, 
it's a matter of adding this element 
to their [course] infrastructure. In a 
place where software is an emerging 
economy, their [college] programs 
aren't as mature, so any engagement
they can get that helps them fuel the 
technical depth of their program, 
they're all over that." 

Raw numbers back up Intel's play 
overseas. The growth of software engi- 
neering graduates in Russia, China and 
Latin America is between five and eight 
times higher than that of the United 
States, according to statistics 
cited by the U.S. Chamber 
of Commerce. Others, 
though, dispute the figures 
and say the term "engineer" 
does not translate well into 
foreign dialects, so that 
someone with the skills of a 
technician might be classi- 
fied as an engineer. There 
can be no debate, however, 
that these overseas areas are 
in the process of ramping up their soft- 
ware industries. 

It is in these emerging markets that 
Intel believes growth of the multicore 
processors will explode, so the company 
already is taking steps to position itself 
for that growth. Intel itself has develop- 
ment centers in Russia, China and 
Argentina, among other locations, and 
its venture capital fund makes more than 
60 percent of its investments outside of 
North America. 

"When you're an established ISV in 
the United States, you must service the 
installed base by writing software to 
platforms and architectures already in 
place," Middleton said. Overseas, he 
noted, the deployment of PCs is not 
as mature, and the installed base is 
growing up multicore. "It makes sense 
from the get-go to take advantage of 
multicore processors, where you don't 
have the mature legacy systems to 
maintain." 

Middleton pointed out that the Chinese
government has created incentives
for the creation of software "parks" — 
much like our industrial parks — to 
encourage local software development 
and to grow the industry. These centers 
bring together software companies, uni- 
versity curricula and capital to build a 
critical mass around these local efforts, 
he explained. 

Back in the United States, the SSG 
uses enterprise account advisers to call 
on end-user accounts, to advise them 
through the chip transitions. SSG also 
offers fee-based consulting for complex 
implementations. "All this puts us in 
contact with key and forward-looking 
developers in the ISV and enterprise 
communities," Middleton said. "We 
need to understand the usage model 
from the end-user perspective, so we 
can learn what tricks and hooks we can 
put into the hardware platform" that let 
users maximize their applications. 

One hook Intel is investing in for 
2007 is virtualization. The company's 
technology is designed to help vendors 
that sell virtual machine monitors and 
software to make reliable partitions. As 
Intel's solution is implemented both in 
hardware and software, it can operate 
faster than a software-only system, Mid- 
dleton said. 

"For now, the virtualization technolo- 
gy part of our processors is focused on 
helping virtualization software utilize 
the processor. Our road map includes 
facilities for virtualization of I/O 
devices," he said. 

And then there is software as a ser- 
vice. Intel is looking into how it can 
adapt its platforms to help people sell- 
ing software as a service take full 
advantage of the new processor capa- 
bilities. 

That's just another example of think- 
ing outside the box to learn what to put 
inside the box. 

Apple will add US$84 million in after-tax non-cash stock-based 
compensation expense to its bottom line after an investigation 
found irregularities in the awarding of past stock options. 
The company last June announced that an internal review had 
discovered irregularities between 1997 and 2001, including a 
stock-option grant to CEO Steve Jobs. The investigation, 
performed by an independent audit committee chosen by 
Apple's board of directors, found that Jobs was aware of, or 
recommended the selection of, some favorable grant dates, but 
noted he did not financially benefit from these grants. The 
company restated financials back to 2002, and indicated the 
impact on income would be $4 million in 2006. 

EARNINGS: Apple reported an increase in 2006 net sales of 
US$5.4 billion over 2005. Net sales of iPods increased $3.1 
billion from 2005, with unit sales totaling 39.4 million. From 
the introduction of the iPod in 2002 through 2006, Apple has 
sold approximately 68 million of the music players. Macintosh 
net sales increased $1.1 billion during 2006 compared with 
2005. Net sales of software, service and other sales increased 
$188 million. The growth was primarily attributable to increased 
net sales of AppleCare Protection Plan (APP) extended service 
and support contracts and application software, partially 
offset by a decrease in sales of Mac OS X. Mac OS X sales 
were particularly high in 2005 due to the release of Mac OS X 
Tiger in April 2005 . . . TIBCO Software reported record 
results for its fourth fiscal quarter ended Nov. 30, with revenue 
of US$161 million and net income of $31.5 million. This compares 
with revenue of $134.4 million and net income of $26.6 million 
for the fourth fiscal quarter of 2005. "We finished the year 
strong, delivering significant new product releases to the 
market and demonstrating solid execution across the board," 
said Vivek Ranadive, TIBCO's chairman and chief executive officer. 
TIBCO also has undertaken a stock repurchase program 
under which it may repurchase up to $100 million of its 
outstanding common stock. 



EVENTS CALENDAR 

RSA Conference, Feb. 5-9 
San Francisco 
RSA SECURITY 
www.rsaconference.com/2007/US 

SCALE 5x (Southern California Linux Expo), Feb. 10-11 
Los Angeles 
SOCAL LINUX USER GROUPS 
www.socallinuxexpo.org/scale5x 

SHARE User Events, Feb. 11-16 
Tampa, Fla. 
SHARE 
www.share.org 

LinuxWorld OpenSolutions Summit, Feb. 14-15 
New York 
IDG WORLD EXPO 
www.linuxworldexpo.com/live/14 

EclipseCon, March 5-8 
Santa Clara 
ECLIPSE FOUNDATION 
www.eclipsecon.org/2007 

Game Developers Conference, March 5-9 
San Francisco 
CMP MEDIA 
www.gdconf.com 

Developer Relations Conference, March 12-13 
San Francisco 
EVANS DATA 
www.evansdata.com/drc 

BrainShare, March 18-23 
Salt Lake City 
NOVELL 
www.novell.com/brainshare 

SD West, March 19-23 
Santa Clara 
CMP MEDIA 
www.sdexpo.com 

VSLive, March 25-29 
San Francisco 
FAWCETTE TECHNICAL PUBLICATIONS 
www.ftponline.com/conferences/vslive/2007/sf 

Emerging Technology Conference, March 26-29 
Burlingame, Calif. 
O'REILLY MEDIA 
conferences.oreillynet.com/et2007 

Embedded Systems Conference, April 1-5 
San Jose 
CMP MEDIA 
www.embedded.com/esc/sv 

Web 2.0 Expo, April 15-18 
San Francisco 
O'REILLY MEDIA 
www.web2expo.com 

Software Security Summit, April 16-17 
San Mateo, Calif. 
BZ MEDIA 
www.S-3con.com 

Software Test & Performance Conference, April 17-19 
San Mateo, Calif. 
BZ MEDIA 
www.stpcon.com 

For a more complete calendar of U.S. software 
development events, see www.bzmedia.com/calendar. 
Information is subject to change. Send news about 
upcoming events to events@bzmedia.com. 